hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng Hu (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-11013) Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions
Date Tue, 09 May 2017 11:58:04 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16002551#comment-16002551
] 

Zheng Hu edited comment on HBASE-11013 at 5/9/17 11:57 AM:
-----------------------------------------------------------

[~tedyu],  Sure.  we can  test it by following shell command (I did not implement ruby shell
command in patch v1, and made up it in patch v2):

{code}
hbase(main):034:0> grant 'user1', 'RW', 't1'
Took 0.0970 seconds                                                                      
                                                                                         
                                                           
hbase(main):035:0> grant 'user2', 'R', 't1'
Took 0.0850 seconds                                                                      
                                                                                         
                                                           
hbase(main):036:0> grant 'user3', 'RWXCA', 't1'
Took 0.0830 seconds                                                                      
                                                                                         
                                                           
hbase(main):037:0> user_permission 't1'
User                                                         Namespace,Table,Family,Qualifier:Permission
                                                                                         
                                            
 user1                                                       default,t1,,: [Permission: actions=READ,WRITE]
                                                                                         
                                         
 user2                                                       default,t1,,: [Permission: actions=READ]
                                                                                         
                                               
 user3                                                       default,t1,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
                                                                                         
                       
3 row(s)
Took 0.0460 seconds                                                                      
                                                                                         
                                                           
hbase(main):038:0> snapshot 't1', 'snapT1'
Took 0.3580 seconds                                                                      
                                                                                         
                                                           
hbase(main):039:0> clone_snapshot 'snapT1', 'tableWithAcl', {RESTORE_ACL=>true}
Took 0.8660 seconds                                                                      
                                                                                         
                                                           
hbase(main):040:0> user_permission 'tableWithAcl'
User                                                         Namespace,Table,Family,Qualifier:Permission
                                                                                         
                                            
 user1                                                       default,tableWithAcl,,: [Permission:
actions=READ,WRITE]                                                                      
                                                   
 user2                                                       default,tableWithAcl,,: [Permission:
actions=READ]                                                                            
                                                   
 openinx                                                     default,tableWithAcl,,: [Permission:
actions=READ,WRITE,EXEC,CREATE,ADMIN]                                                    
                                                   
 user3                                                       default,tableWithAcl,,: [Permission:
actions=READ,WRITE,EXEC,CREATE,ADMIN]                                                    
                                                   
4 row(s)
Took 0.0430 seconds                                                                      
                                                                                         
                                                           
hbase(main):041:0> clone_snapshot 'snapT1', 'tableWithoutAcl'
Took 0.3620 seconds                                                                      
                                                                                         
                                                           
hbase(main):042:0> user_permission 'tableWithoutAcl'
User                                                         Namespace,Table,Family,Qualifier:Permission
                                                                                         
                                            
 openinx                                                     default,tableWithoutAcl,,: [Permission:
actions=READ,WRITE,EXEC,CREATE,ADMIN]                                                    
                                                
1 row(s)
{code} 

ps:  openinx is the user who execute shell command.

Thanks for your feedback.  


was (Author: openinx):
[~tedyu],  Sure.  we can  test it by following shell command (I did not implement ruby shell
command in patch v1, and did it in patch v2):

{code}
hbase(main):034:0> grant 'user1', 'RW', 't1'
Took 0.0970 seconds                                                                      
                                                                                         
                                                           
hbase(main):035:0> grant 'user2', 'R', 't1'
Took 0.0850 seconds                                                                      
                                                                                         
                                                           
hbase(main):036:0> grant 'user3', 'RWXCA', 't1'
Took 0.0830 seconds                                                                      
                                                                                         
                                                           
hbase(main):037:0> user_permission 't1'
User                                                         Namespace,Table,Family,Qualifier:Permission
                                                                                         
                                            
 user1                                                       default,t1,,: [Permission: actions=READ,WRITE]
                                                                                         
                                         
 user2                                                       default,t1,,: [Permission: actions=READ]
                                                                                         
                                               
 user3                                                       default,t1,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
                                                                                         
                       
3 row(s)
Took 0.0460 seconds                                                                      
                                                                                         
                                                           
hbase(main):038:0> snapshot 't1', 'snapT1'
Took 0.3580 seconds                                                                      
                                                                                         
                                                           
hbase(main):039:0> clone_snapshot 'snapT1', 'tableWithAcl', {RESTORE_ACL=>true}
Took 0.8660 seconds                                                                      
                                                                                         
                                                           
hbase(main):040:0> user_permission 'tableWithAcl'
User                                                         Namespace,Table,Family,Qualifier:Permission
                                                                                         
                                            
 user1                                                       default,tableWithAcl,,: [Permission:
actions=READ,WRITE]                                                                      
                                                   
 user2                                                       default,tableWithAcl,,: [Permission:
actions=READ]                                                                            
                                                   
 openinx                                                     default,tableWithAcl,,: [Permission:
actions=READ,WRITE,EXEC,CREATE,ADMIN]                                                    
                                                   
 user3                                                       default,tableWithAcl,,: [Permission:
actions=READ,WRITE,EXEC,CREATE,ADMIN]                                                    
                                                   
4 row(s)
Took 0.0430 seconds                                                                      
                                                                                         
                                                           
hbase(main):041:0> clone_snapshot 'snapT1', 'tableWithoutAcl'
Took 0.3620 seconds                                                                      
                                                                                         
                                                           
hbase(main):042:0> user_permission 'tableWithoutAcl'
User                                                         Namespace,Table,Family,Qualifier:Permission
                                                                                         
                                            
 openinx                                                     default,tableWithoutAcl,,: [Permission:
actions=READ,WRITE,EXEC,CREATE,ADMIN]                                                    
                                                
1 row(s)
{code} 

ps:  openinx is the user who execute shell command.

Thanks for your feedback.  

> Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions
> ------------------------------------------------------------------------------------------
>
>                 Key: HBASE-11013
>                 URL: https://issues.apache.org/jira/browse/HBASE-11013
>             Project: HBase
>          Issue Type: Improvement
>          Components: snapshots
>            Reporter: Ted Yu
>            Assignee: Zheng Hu
>         Attachments: HBASE-11013.v1.patch, HBASE-11013.v2.patch
>
>
> Currently,
> {code}
> sudo su - test_user
> create 't1', 'f1'
> sudo su - hbase
> snapshot 't1', 'snap_one'
> clone_snapshot 'snap_one', 't2'
> {code}
> In this scenario the user - test_user would not have permissions for the clone table
t2.
> We need to add improvement feature such that the permissions of the original table are
recorded in snapshot metadata and an option is provided for applying them to the new table
as part of the clone process.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message