You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2013/08/13 20:30:51 UTC

[jira] [Comment Edited] (HBASE-9206) namespace permissions

    [ https://issues.apache.org/jira/browse/HBASE-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13738613#comment-13738613 ] 

Andrew Purtell edited comment on HBASE-9206 at 8/13/13 6:29 PM:
----------------------------------------------------------------

I see namespaces as another level in a hierarchy of grants: cell, column family, table, namespace, global. List that out in the inverse for the dominance relationship. If we do that, then it addresses:

{quote}
6. All namespace's tables create
7. All namespace's tables write
8. All namespace's tables execute
9. All namespace's tables delete
10. All namespace's tables admin
{quote}

Agree this sounds reasonable:

bq. 1-3, is currently set to global admin only. Which seems acceptable to me.

For these:

{quote}
4. list tables in namespace
5. create/drop tables in a namespace
{quote}

and also tangentially related to HBASE-8692, here's a thought: We could introduce a new permission 'S' (SCHEMA) for accessing and manipulating table and namespace schema.

                
      was (Author: apurtell):
    I see namespaces as another level in a hierarchy of grants: cell, column family, table, namespace, global. List that out in the inverse for the dominance relationship. If we do that, then it addresses:

{quote}
6. All namespace's tables create
7. All namespace's tables write
8. All namespace's tables execute
9. All namespace's tables delete
10. All namespace's tables admin
{quote}

bq. 1-3, is currently set to global admin only. Which seems acceptable to me.

+1

For these:

{quote}
4. list tables in namespace
5. create/drop tables in a namespace
{quote}

and also tangentially related to HBASE-8692, here's a thought: We could introduce a new permission 'S' (SCHEMA) for accessing and manipulating table and namespace schema.

                  
> namespace permissions
> ---------------------
>
>                 Key: HBASE-9206
>                 URL: https://issues.apache.org/jira/browse/HBASE-9206
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Francis Liu
>
> Now that we have namespaces let's address how we can give admins more flexibility.
> Let's list out the privileges we'd like. Then we can map it to existing privileges and see if we need more. 
> So far we have:
> 1. Modify namespace descriptor (ie quota, other values)
> 2. create namespace
> 3. delete namespace
> 4. list tables in namespace
> 5. create/drop tables in a namespace
> 6. All namespace's tables create
> 7. All namespace's tables write
> 8. All namespace's tables execute
> 9. All namespace's tables delete
> 10. All namespace's tables admin
> 1-3, is currently set to global admin only. Which seems acceptable to me.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira