hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matteo Bertozzi (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-12564) consolidate the getTableDescriptors() semantic
Date Mon, 01 Dec 2014 17:19:13 GMT

     [ https://issues.apache.org/jira/browse/HBASE-12564?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Matteo Bertozzi updated HBASE-12564:
------------------------------------
    Attachment: HBASE-12564-v0.patch

v0 removes the deprecated Connection.listTables() added with HBASE-12073 (which is only in
master) in favor of the Admin API (as suggested by the doc).
v0 changes the getTableDescriptors() right check for the "list all" returning only the tables
that the user can see (table level Admin/Create).
v0 adds a new option to listTables() allowing to return the sys-tables, which is useful to
user_permission. 

I was thinking to add the same AccessController logic of getTableDescriptors() to getTableNames(),
which at the moment returns all the table names without asking anything (see HBASE-9182).
I think the behavior should be "give me all the names that I have access to" so the AccessController
should filter the tables like getTableDescriptors() but checking also Read/Write rights and
not only Admin/Create. [~apurtell]?

> consolidate the getTableDescriptors() semantic
> ----------------------------------------------
>
>                 Key: HBASE-12564
>                 URL: https://issues.apache.org/jira/browse/HBASE-12564
>             Project: HBase
>          Issue Type: Bug
>          Components: Client, master
>    Affects Versions: 2.0.0
>            Reporter: Matteo Bertozzi
>            Assignee: Matteo Bertozzi
>            Priority: Minor
>             Fix For: 2.0.0
>
>         Attachments: HBASE-12564-v0.patch
>
>
> Master getTableDescriptors() which is called by Admin.listTables() has a couple of different
behaviors depending on how it is called. 
> after HBASE-12073 with the AccessController enabled, we now get a "global admin" required
if listTables() is called without a regex otherwise we return only the table that the user
can see (we show only the tables that the user have access to, which means or the user is
a global admin or it has a table-level create/admin). We probably should have the second behavior
even without regex, since I should able to see "my own tables". 
> getTableDescriptors() is returning only non system tables. Tools like user_permission
that are doing "for each listTable(): userPerm(table)" are losing the system tables, so stuff
like user_permission 'hbase:acls' will not result any result.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message