You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Appy (JIRA)" <ji...@apache.org> on 2018/02/14 02:00:00 UTC

[jira] [Commented] (HBASE-17472) Correct the semantic of permission grant

    [ https://issues.apache.org/jira/browse/HBASE-17472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16363368#comment-16363368 ] 

Appy commented on HBASE-17472:
------------------------------

Sorry for ultra late review.
Seeing the final patch which was committed to branch-1.4, the value of flag is always false, and the one which was committed to master, the flag is always true for production code (there are a few false in only test code, but that shouldn't count).
Going by that high level picture, it feels like we didn't need to make any change in branch-1.4 since adding a param always setting it to false is a no-op.
And for master, only the change to AccessControlLists#addUserPermission would have been sufficient.
We didn't need any new param or updating anything else.
What am i missing?

> Correct the semantic of  permission grant
> -----------------------------------------
>
>                 Key: HBASE-17472
>                 URL: https://issues.apache.org/jira/browse/HBASE-17472
>             Project: HBase
>          Issue Type: Improvement
>          Components: Admin
>    Affects Versions: 2.0.0, 1.4.0
>            Reporter: Zheng Hu
>            Assignee: Zheng Hu
>            Priority: Major
>             Fix For: 2.0.0, 1.4.0
>
>         Attachments: HBASE-17472.branch-1.3.v6.patch, HBASE-17472.branch-1.v6.patch, HBASE-17472.branch-1.v7.patch, HBASE-17472.master.v6.patch, HBASE-17472.master.v6.patch, HBASE-17472.master.v7.patch, HBASE-17472.v1.patch, HBASE-17472.v2.patch, HBASE-17472.v3.patch, HBASE-17472.v4.patch, HBASE-17472.v5.patch
>
>
> Currently, HBase grant operation has following semantic:
> {code}
> hbase(main):019:0> grant 'hbase_tst', 'RW', 'ycsb'
> 0 row(s) in 0.0960 seconds
> hbase(main):020:0> user_permission 'ycsb'
> User                                                         Namespace,Table,Family,Qualifier:Permission                                                                                                                                                                                                                                               
>  hbase_tst                                                   default,ycsb,,: [Permission:actions=READ,WRITE]                                                                                                                                                                                                           
> 1 row(s) in 0.0550 seconds
> hbase(main):021:0> grant 'hbase_tst', 'CA', 'ycsb'
> 0 row(s) in 0.0820 seconds
> hbase(main):022:0> user_permission 'ycsb'
> User                                                         Namespace,Table,Family,Qualifier:Permission                                                                                                                                       
>  hbase_tst                                                   default,ycsb,,: [Permission: actions=CREATE,ADMIN]                                                                                                                                
> 1 row(s) in 0.0490 seconds
> {code}  
> Later permission will replace previous granted permissions, which confused most of HBase administrator.
> It's seems more reasonable that HBase merge multiple granted permission.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)