hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng Hu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11013) Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions
Date Tue, 09 May 2017 11:49:04 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16002551#comment-16002551

Zheng Hu commented on HBASE-11013:

[~tedyu],  Sure.  we can  test it by following shell command (I did not implement ruby shell
command in patch v1, and did it in patch v2):

hbase(main):034:0> grant 'user1', 'RW', 't1'
Took 0.0970 seconds                                                                      
hbase(main):035:0> grant 'user2', 'R', 't1'
Took 0.0850 seconds                                                                      
hbase(main):036:0> grant 'user3', 'RWXCA', 't1'
Took 0.0830 seconds                                                                      
hbase(main):037:0> user_permission 't1'
User                                                         Namespace,Table,Family,Qualifier:Permission
 user1                                                       default,t1,,: [Permission: actions=READ,WRITE]
 user2                                                       default,t1,,: [Permission: actions=READ]
 user3                                                       default,t1,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
3 row(s)
Took 0.0460 seconds                                                                      
hbase(main):038:0> snapshot 't1', 'snapT1'
Took 0.3580 seconds                                                                      
hbase(main):039:0> clone_snapshot 'snapT1', 'tableWithAcl', {RESTORE_ACL=>true}
Took 0.8660 seconds                                                                      
hbase(main):040:0> user_permission 'tableWithAcl'
User                                                         Namespace,Table,Family,Qualifier:Permission
 user1                                                       default,tableWithAcl,,: [Permission:
 user2                                                       default,tableWithAcl,,: [Permission:
 openinx                                                     default,tableWithAcl,,: [Permission:
 user3                                                       default,tableWithAcl,,: [Permission:
4 row(s)
Took 0.0430 seconds                                                                      
hbase(main):041:0> clone_snapshot 'snapT1', 'tableWithoutAcl'
Took 0.3620 seconds                                                                      
hbase(main):042:0> user_permission 'tableWithoutAcl'
User                                                         Namespace,Table,Family,Qualifier:Permission
 openinx                                                     default,tableWithoutAcl,,: [Permission:
1 row(s)

ps:  openinx is the user who execute shell command.

Thanks for your feedback.  

> Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions
> ------------------------------------------------------------------------------------------
>                 Key: HBASE-11013
>                 URL: https://issues.apache.org/jira/browse/HBASE-11013
>             Project: HBase
>          Issue Type: Improvement
>          Components: snapshots
>            Reporter: Ted Yu
>            Assignee: Zheng Hu
>         Attachments: HBASE-11013.v1.patch
> Currently,
> {code}
> sudo su - test_user
> create 't1', 'f1'
> sudo su - hbase
> snapshot 't1', 'snap_one'
> clone_snapshot 'snap_one', 't2'
> {code}
> In this scenario the user - test_user would not have permissions for the clone table
> We need to add improvement feature such that the permissions of the original table are
recorded in snapshot metadata and an option is provided for applying them to the new table
as part of the clone process.

This message was sent by Atlassian JIRA

View raw message