You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Istvan Toth (Jira)" <ji...@apache.org> on 2022/01/07 07:40:00 UTC

[jira] [Created] (HBASE-26652) Unintuitive AccesControlClient.getUserPermissions() semantics

Istvan Toth created HBASE-26652:
-----------------------------------

             Summary: Unintuitive AccesControlClient.getUserPermissions() semantics
                 Key: HBASE-26652
                 URL: https://issues.apache.org/jira/browse/HBASE-26652
             Project: HBase
          Issue Type: Improvement
          Components: acl
            Reporter: Istvan Toth


The behaviour of the AccesControlClient.getUserPermissions() calls is unintuitive.

It takes a tablename regex, and return the union of all permissinons on all tables that it matches.
While the returned UserPermission objects do have the information on the object they apply to, this still requires post-processing the results.

To get the permissions for a single table, one has to either do something like

Admin.getTablePermission(conn, "^"+tableName.getNameWithNamespaceInclAsString()+"$")

or post-process the results of the call.

We should add some methods that return the permission for a single table / family / qualifier without making the caller jump though hoops, or at least call out the non-intuitive behavior in the Javadoc, and advise on how to use the API to get the results the caller likely wants.




--
This message was sent by Atlassian Jira
(v8.20.1#820001)