hbase-issues mailing list archives

From "Francis Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-9206) namespace permissions
Date Tue, 18 Nov 2014 06:06:34 GMT

    [ https://issues.apache.org/jira/browse/HBASE-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14215760#comment-14215760 ]

Francis Liu commented on HBASE-9206:
------------------------------------

Yes, let's get it in. Going through the Jira:

{quote}
'RWXCA' on the namespace dominates permissions for tables and CFs in the namespace.
{quote}
This is already done in a separate Jira.

{quote}
'C' on the namespace also allows table creation in the namespace.
{quote}
Needs to be done. Have internal patch.

{quote}
'A' on the namespace does not grant admin privilege - let's document this exception clearly.
{quote}
This is already true. AFAIK.

{quote}
Global permissions 'A' and 'C' dominate namespace perms and also grant admin and create perms on the namespace itself.
{quote}
This is also true. Need to check.

{quote}
adding a new privilege for listing tables and tables in a namespace? "L"?
{quote}
This needs to be done.

So it seems to me 'C' and 'L' privileges are what's missing. We can push 'C' upstream. Which
IMHO is one of the most useful privileges. For 'L', will try to get to it, not unless someone
has time. Will create two subtasks.





> namespace permissions
> ---------------------
>
>                 Key: HBASE-9206
>                 URL: https://issues.apache.org/jira/browse/HBASE-9206
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Francis Liu
>             Fix For: 0.99.2
>
>
> Now that we have namespaces let's address how we can give admins more flexibility.
> Let's list out the privileges we'd like. Then we can map it to existing privileges and see if we need more.
> So far we have:
> 1. Modify namespace descriptor (ie quota, other values)
> 2. create namespace
> 3. delete namespace
> 4. list tables in namespace
> 5. create/drop tables in a namespace
> 6. All namespace's tables create
> 7. All namespace's tables write
> 8. All namespace's tables execute
> 9. All namespace's tables delete
> 10. All namespace's tables admin
> 1-3, is currently set to global admin only. Which seems acceptable to me.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
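
The scope rules quoted in the comment above, as an added toy model in Python (not part of the original message and not HBase's AccessController code). The class, function and user names are hypothetical, and reading "'A' on the namespace does not grant admin privilege" as "namespace-level 'A' does not authorize namespace operations 1-3" is an assumption; the proposed 'L' privilege is left out.

```python
# Toy model of the permission scopes discussed in HBASE-9206.
# Constructed for illustration; names and sample grants are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Grants:
    """One user's grants; each value is a set of letters from 'RWXCA'."""
    global_: set = field(default_factory=set)
    namespace: dict = field(default_factory=dict)  # ns -> letters
    table: dict = field(default_factory=dict)      # (ns, table) -> letters


def table_allowed(g, ns, table, perm):
    """Table-level check: a letter held at namespace scope dominates the
    table and its CFs, and global grants apply cluster-wide."""
    return (perm in g.table.get((ns, table), set())
            or perm in g.namespace.get(ns, set())
            or perm in g.global_)


def create_table_allowed(g, ns):
    """'C' on the namespace allows table creation in it; global 'C'
    dominates the namespace-level grant."""
    return "C" in g.namespace.get(ns, set()) or "C" in g.global_


def manage_namespace_allowed(g):
    """Operations 1-3 (modify, create, delete namespace) stay with global
    admin. Assumption: namespace-level 'A' is deliberately not consulted."""
    return "A" in g.global_


# Constructed sample users.
ALICE = Grants(namespace={"ns1": {"C", "A"}})    # namespace owner
BOB = Grants(global_={"A", "C"})                 # cluster admin
CAROL = Grants(table={("ns1", "t1"): {"R"}})     # reader of one table

if __name__ == "__main__":
    for name, g in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(name,
              "admin ns1:t1 =", table_allowed(g, "ns1", "t1", "A"),
              "| create in ns1 =", create_table_allowed(g, "ns1"),
              "| manage namespaces =", manage_namespace_allowed(g))
```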
