You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Francis Liu (JIRA)" <ji...@apache.org> on 2014/11/18 07:06:34 UTC

[jira] [Commented] (HBASE-9206) namespace permissions

    [ https://issues.apache.org/jira/browse/HBASE-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14215760#comment-14215760 ] 

Francis Liu commented on HBASE-9206:
------------------------------------

Yes, let's get it in. Going through the Jira:

{quote}
'RWXCA' on the namespace dominates permissions for tables and CFs in the namespace.
{quote}
This is already done in a separate Jira.

{quote}
'C' on the namespace also allows table creation in the namespace.
{quote}
Needs to be done. Have internal patch.

{quote}
'A' on the namespace does not grant admin privilege - let's document this exception clearly.
{quote}
This is already true. AFAIK.

{quote}
    Global permissions 'A' and 'C' dominate namespace perms and also grant admin and create perms on the namespace itself.
{quote}
This is also true. Need to check.

{quote}
adding a new privilege for listing tables and tables in a namespace? "L"?
{quote}
This needs to be done.

So it seems to me 'C' and 'L' privileges are what's missing. We can push 'C' upstream. Which IMHO is one of the most useful privileges. For 'L', will try to get to it, not unless someone has time. Will create two subtasks.





> namespace permissions
> ---------------------
>
>                 Key: HBASE-9206
>                 URL: https://issues.apache.org/jira/browse/HBASE-9206
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Francis Liu
>             Fix For: 0.99.2
>
>
> Now that we have namespaces let's address how we can give admins more flexibility.
> Let's list out the privileges we'd like. Then we can map it to existing privileges and see if we need more. 
> So far we have:
> 1. Modify namespace descriptor (ie quota, other values)
> 2. create namespace
> 3. delete namespace
> 4. list tables in namespace
> 5. create/drop tables in a namespace
> 6. All namespace's tables create
> 7. All namespace's tables write
> 8. All namespace's tables execute
> 9. All namespace's tables delete
> 10. All namespace's tables admin
> 1-3, is currently set to global admin only. Which seems acceptable to me.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)