hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Srikanth Srungarapu (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-12723) Update ACL matrix to reflect reality
Date Fri, 27 Feb 2015 09:04:05 GMT

     [ https://issues.apache.org/jira/browse/HBASE-12723?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Srikanth Srungarapu updated HBASE-12723:
----------------------------------------
    Attachment: HBASE-12723_v3.patch

Thanks [~ashish singhi] for taking a look. Addressed your concern. Also added checks that
went in HBASE-12916. 

[~enis] Hope this is the format you are looking for. Can you please take a look when you get
a chance? It would be good to get this in as the existing documentation on acl matrix  has
gone state.

> Update ACL matrix to reflect reality
> ------------------------------------
>
>                 Key: HBASE-12723
>                 URL: https://issues.apache.org/jira/browse/HBASE-12723
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Enis Soztutar
>            Assignee: Srikanth Srungarapu
>             Fix For: 2.0.0, 1.0.1, 1.1.0
>
>         Attachments: HBASE-12723.patch, HBASE-12723_v2.patch, HBASE-12723_v3.patch, book.html
>
>
> The ACL matrix in the book should be updated with the recent changes.  
> https://hbase.apache.org/book/appendix_acl_matrix.html
> Also the format is not optimal. There is a hierarchy relation between scopes (GLOBAL
> NS > TABLE), but not so much between Permissions (A,C,R)
> Some things to do:
> - {{Minimum Permission}} column does not make sense. We should replace it. 
> - Add information about superuser 
> - grant is a multi level thing. Required permissions depend on the scope.
> - See HBASE-12511 and others changed some of the permissions 
> What I would like to see at the end is something like:
> {code}
> createNamespace        : superuser | global(A)
> deleteNamespace        : superuser | global(A) | NS(A)
> modifyNamespace        : superuser | global(A) | NS(A)
> getNamespaceDescriptor : superuser | global(A) | NS(A)
> listNamespaces         : All access*
> createTable            : superuser | global(C) | NS(C)
> grant 
>   NS Perm              : superuser | global(A) | NS(A)
>   Table Perm           : ...
> revoke 
>   NS Perm              : superuser | global(A) | NS(A)
>   Table Perm           : ...
> getPerms 
>   NS perm              : superuser | global(A) | NS(A)
>   Table Perm           : ...
> {code}
> See HBASE-12511. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message