Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 94B0F200CFC for ; Thu, 24 Aug 2017 05:51:06 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 9335316A47E; Thu, 24 Aug 2017 03:51:06 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id DA2BD16A47C for ; Thu, 24 Aug 2017 05:51:05 +0200 (CEST) Received: (qmail 20012 invoked by uid 500); 24 Aug 2017 03:51:05 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 20001 invoked by uid 99); 24 Aug 2017 03:51:04 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Aug 2017 03:51:04 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 5DD9EC01E5 for ; Thu, 24 Aug 2017 03:51:04 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -99.202 X-Spam-Level: X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id ujQdI_fvRAQV for ; Thu, 24 Aug 2017 03:51:03 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 5D5A05FE34 for ; Thu, 24 Aug 2017 03:51:02 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id EFB91E0DE0 for ; Thu, 24 Aug 2017 03:51:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 2F5A825386 for ; Thu, 24 Aug 2017 03:51:00 +0000 (UTC) Date: Thu, 24 Aug 2017 03:51:00 +0000 (UTC) From: "Duo Zhang (JIRA)" To: issues@hbase.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HBASE-18659) Use HDFS ACL to give user the ability to read snapshot directly on HDFS MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Thu, 24 Aug 2017 03:51:06 -0000 [ https://issues.apache.org/jira/browse/HBASE-18659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Duo Zhang updated HBASE-18659: ------------------------------ Description: On the dev meetup notes in Shenzhen after HBaseCon Asia, there is a topic about the permission to read hfiles on HDFS directly. {quote} For client-side scanner going against hfiles directly; is there a means of being able to pass the permissions from hbase to hdfs? {quote} And at Xiaomi we also face the same problem. {{SnapshotScanner}} is much faster and consumes less resources, but only super use has the ability to read hfile directly on HDFS. So here we want to use HDFS ACL to address this problem. https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#ACLs_File_System_API The basic idea is to set acl and default acl on the ns/table/cf directory on HDFS for the users who have the permission to read the table on HBase. Suggestions are welcomed. was: On the dev meetup notes in Shenzhen after HBaseCon Asia, there is a topic about the permission to read hfiles on HDFS directly. {quote} For client-side scanner going against hfiles directly; is there a means of being able to pass the permissions from hbase to hdfs? {quote} And at Xiaomi we also face the same problem. {{SnapshotScanner}} is much faster and consumes less resources, but only super use has the ability to read hfile directly on HDFS. So here we want to use HDFS ACL to address this problem. https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#ACLs_File_System_API The basic idea is to set acl and default acl on the table directory on HDFS for the users who have the permission to read the table on HBase. Suggestions are welcomed. > Use HDFS ACL to give user the ability to read snapshot directly on HDFS > ----------------------------------------------------------------------- > > Key: HBASE-18659 > URL: https://issues.apache.org/jira/browse/HBASE-18659 > Project: HBase > Issue Type: New Feature > Reporter: Duo Zhang > > On the dev meetup notes in Shenzhen after HBaseCon Asia, there is a topic about the permission to read hfiles on HDFS directly. > {quote} > For client-side scanner going against hfiles directly; is there a means of being able to pass the permissions from hbase to hdfs? > {quote} > And at Xiaomi we also face the same problem. {{SnapshotScanner}} is much faster and consumes less resources, but only super use has the ability to read hfile directly on HDFS. > So here we want to use HDFS ACL to address this problem. > https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#ACLs_File_System_API > The basic idea is to set acl and default acl on the ns/table/cf directory on HDFS for the users who have the permission to read the table on HBase. > Suggestions are welcomed. -- This message was sent by Atlassian JIRA (v6.4.14#64029)