hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "huzheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-17472) Correct the semantic of permission grant
Date Mon, 16 Jan 2017 06:54:27 GMT

    [ https://issues.apache.org/jira/browse/HBASE-17472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15823543#comment-15823543
] 

huzheng commented on HBASE-17472:
---------------------------------

[~ashish singhi] ,   Your concern is reasonable .   Can we add hint for grant command after
we change the behavior ?  

On the side,  currently,   we can't revoke single action of a user , administrators maybe
use grant  command to revoke single action for a user , I guess. 

So , a more reasonable solution ( behavior like other databases , such as MySQL) maybe : 

1. Grant command add (not replace) one or more action(s) for a user; 
2. Revoke command remove one or more action(s) for a user. 


 

> Correct the semantic of  permission grant
> -----------------------------------------
>
>                 Key: HBASE-17472
>                 URL: https://issues.apache.org/jira/browse/HBASE-17472
>             Project: HBase
>          Issue Type: Improvement
>          Components: Admin
>            Reporter: huzheng
>            Assignee: huzheng
>
> Currently, HBase grant operation has following semantic:
> {code}
> hbase(main):019:0> grant 'hbase_tst', 'RW', 'ycsb'
> 0 row(s) in 0.0960 seconds
> hbase(main):020:0> user_permission 'ycsb'
> User                                                         Namespace,Table,Family,Qualifier:Permission
                                                                                         
                                                                                         
                                                          
>  hbase_tst                                                   default,ycsb,,: [Permission:actions=READ,WRITE]
                                                                                         
                                                                                         
                      
> 1 row(s) in 0.0550 seconds
> hbase(main):021:0> grant 'hbase_tst', 'CA', 'ycsb'
> 0 row(s) in 0.0820 seconds
> hbase(main):022:0> user_permission 'ycsb'
> User                                                         Namespace,Table,Family,Qualifier:Permission
                                                                                         
                                            
>  hbase_tst                                                   default,ycsb,,: [Permission:
actions=CREATE,ADMIN]                                                                    
                                                           
> 1 row(s) in 0.0490 seconds
> {code}  
> Later permission will replace previous granted permissions, which confused most of HBase
administrator.
> It's seems more reasonable that HBase merge multiple granted permission.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message