You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Yi Mei (JIRA)" <ji...@apache.org> on 2019/06/24 04:01:00 UTC
[jira] [Commented] (HBASE-21995) Add a coprocessor to set HDFS ACL
for hbase granted user
[ https://issues.apache.org/jira/browse/HBASE-21995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16870793#comment-16870793 ]
Yi Mei commented on HBASE-21995:
--------------------------------
Pushed to master and branch-2. Thanks [~openinx] and [~zghaobac] for review.
> Add a coprocessor to set HDFS ACL for hbase granted user
> --------------------------------------------------------
>
> Key: HBASE-21995
> URL: https://issues.apache.org/jira/browse/HBASE-21995
> Project: HBase
> Issue Type: Sub-task
> Reporter: Yi Mei
> Assignee: Yi Mei
> Priority: Major
> Fix For: 3.0.0, 2.3.0
>
>
> To make hbase granted user have the access to scan table snapshots, use HDFS ACLs to set user read permission over hfiles.
> The basic implementation is:
> 1. For public directories such as 'data' and 'archive', set other users' permission to '--x' to make everyone have the permission to access the directory.
> 2. For namespace or table directories such as 'data/ns/table', 'archive/ns/table' and '.hbase-snapshot/snapshotName', set user 'r-x' acl and default 'r-x' acl when following operations happen:
> grant to namespace or table / revoke from namespace or table / snapshot table
>
> For more details, please reference the design doc: https://docs.google.com/document/d/1D2iAdbrW5CcKc2SthJBXA1n2tTMTftuVaFtxbOWFuqM/edit#heading=h.uwo33s7kz427
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)