hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng Hu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11013) Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions
Date Fri, 12 May 2017 04:03:04 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16007604#comment-16007604

Zheng Hu commented on HBASE-11013:

bq. Can we be careful and make sure we do not break an hbase-2.0.0 being able to read old
hbase-1.x manifests?

[~stack],  Yes, we can read old hbase-1.x manifests.  In HBASE-11013.master.addendum.patch,
  I moved SnapshotDescription PB  into Snapshot.proto and add an optional UsersAndPermissions
field , which is imported  from AccessControl.proto under hbase-protocol-shaded.  PB moving
is OK for compatibility
.  For AccessControl.proto under hbase-protocol-shaded, we only use it for serializing/deserializing
user's permission in .snapshotinfo, and CPEP still use AccessControl.proto under hbase-protocol.
 So old CPEPs will work fine. 

> Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions
> ------------------------------------------------------------------------------------------
>                 Key: HBASE-11013
>                 URL: https://issues.apache.org/jira/browse/HBASE-11013
>             Project: HBase
>          Issue Type: Improvement
>          Components: snapshots
>            Reporter: Ted Yu
>            Assignee: Zheng Hu
>             Fix For: 2.0.0
>         Attachments: HBASE-11013.master.addendum.patch, HBASE-11013.v1.patch, HBASE-11013.v2.patch
> Currently,
> {code}
> sudo su - test_user
> create 't1', 'f1'
> sudo su - hbase
> snapshot 't1', 'snap_one'
> clone_snapshot 'snap_one', 't2'
> {code}
> In this scenario the user - test_user would not have permissions for the clone table
> We need to add improvement feature such that the permissions of the original table are
recorded in snapshot metadata and an option is provided for applying them to the new table
as part of the clone process.

This message was sent by Atlassian JIRA

View raw message