hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matteo Bertozzi (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-12564) consolidate the getTableDescriptors() semantic
Date Tue, 02 Dec 2014 15:49:13 GMT

     [ https://issues.apache.org/jira/browse/HBASE-12564?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Matteo Bertozzi updated HBASE-12564:
------------------------------------
    Attachment: HBASE-12564-v1.patch

v1 adds the ACLs checks to listTableNames().
basically you can only see the tables you have access to.
so getTableDescriptors() and listTableNames() have the same behavior.

We also have two similar methods ListNamespaceDescriptors() and  ListTableDescriptorsByNamespace()
that now are doing the same thing as getTableDescriptor() and listTableNames() with a filter
on the ns but they don't have any ACL check. I'll open a new jira to remove them (or at least
aligning them to the getTableDescriptor() and listTableNames())

> consolidate the getTableDescriptors() semantic
> ----------------------------------------------
>
>                 Key: HBASE-12564
>                 URL: https://issues.apache.org/jira/browse/HBASE-12564
>             Project: HBase
>          Issue Type: Bug
>          Components: Client, master
>    Affects Versions: 2.0.0
>            Reporter: Matteo Bertozzi
>            Assignee: Matteo Bertozzi
>            Priority: Minor
>             Fix For: 2.0.0
>
>         Attachments: HBASE-12564-v0.patch, HBASE-12564-v1.patch
>
>
> Master getTableDescriptors() which is called by Admin.listTables() has a couple of different
behaviors depending on how it is called. 
> after HBASE-12073 with the AccessController enabled, we now get a "global admin" required
if listTables() is called without a regex otherwise we return only the table that the user
can see (we show only the tables that the user have access to, which means or the user is
a global admin or it has a table-level create/admin). We probably should have the second behavior
even without regex, since I should able to see "my own tables". 
> getTableDescriptors() is returning only non system tables. Tools like user_permission
that are doing "for each listTable(): userPerm(table)" are losing the system tables, so stuff
like user_permission 'hbase:acls' will not result any result.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message