[jira] [Updated] (HBASE-7333) Improve the security shell commands

["Andrew Purtell (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/HBASE-7333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Purtell updated HBASE-7333:
----------------------------------

    Description: 
The shell commands for security are rudimentary and should be improved. The commands we have need to be updated for the "AccessController v2" changes. The distinction between the shell and the Java (admin) API is blurry because our shell is JRuby but it makes sense to provide some convenient shortcuts for common actions.

At a minimum the current set of commands should validate their arguments.

'revoke' should be improved so all access for a given user can be conveniently revoked with one command, as opposed to requiring a specific revoke for every previous grant. This may involve interaction with a master mediated transaction or barrier framework. 

Once HBASE-6222 is in, it should be possible to conveniently construct ACLs and add them to DML ops like put and delete; and there should be support for dumping ACLs at the cell level too.

Also, I observed 'user_permission' fail with NPEs on a colleague's workstation recently. It could have been the local environment, but I suspect there may be some rot here.

  was:
The shell commands for security are rudimentary and should be improved. The commands we have need to be updated for the "AccessController v2" changes. The distinction between the shell and the Java (admin) API is blurry because our shell is JRuby but it makes sense to provide some convenient shortcuts for common actions. 

Also, I observed 'user_permission' fail with NPEs on a colleague's workstation recently. It could have been the local environment, but I suspect there may be some rot here.

    
> Improve the security shell commands
> -----------------------------------
>
>                 Key: HBASE-7333
>                 URL: https://issues.apache.org/jira/browse/HBASE-7333
>             Project: HBase
>          Issue Type: Sub-task
>          Components: Coprocessors, security, shell
>    Affects Versions: 0.96.0, 0.94.4
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>
> The shell commands for security are rudimentary and should be improved. The commands we have need to be updated for the "AccessController v2" changes. The distinction between the shell and the Java (admin) API is blurry because our shell is JRuby but it makes sense to provide some convenient shortcuts for common actions.
> At a minimum the current set of commands should validate their arguments.
> 'revoke' should be improved so all access for a given user can be conveniently revoked with one command, as opposed to requiring a specific revoke for every previous grant. This may involve interaction with a master mediated transaction or barrier framework. 
> Once HBASE-6222 is in, it should be possible to conveniently construct ACLs and add them to DML ops like put and delete; and there should be support for dumping ACLs at the cell level too.
> Also, I observed 'user_permission' fail with NPEs on a colleague's workstation recently. It could have been the local environment, but I suspect there may be some rot here.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira