Posted to commits@hbase.apache.org by st...@apache.org on 2014/06/26 19:36:22 UTC

git commit: HBASE-6192 Document ACL matrix in the book (Misty Stanley-Jones)

Repository: hbase
Updated Branches:
  refs/heads/master 4678ce09c -> 18c5cf9e4


HBASE-6192 Document ACL matrix in the book (Misty Stanley-Jones)


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/18c5cf9e
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/18c5cf9e
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/18c5cf9e

Branch: refs/heads/master
Commit: 18c5cf9e43a8f980e50f75e5a794c25f831c6de2
Parents: 4678ce0
Author: stack <st...@apache.org>
Authored: Thu Jun 26 10:36:01 2014 -0700
Committer: stack <st...@apache.org>
Committed: Thu Jun 26 10:36:01 2014 -0700

----------------------------------------------------------------------
 src/main/docbkx/security.xml | 647 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 647 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/18c5cf9e/src/main/docbkx/security.xml
----------------------------------------------------------------------
diff --git a/src/main/docbkx/security.xml b/src/main/docbkx/security.xml
index 9e6a57c..8eda69a 100644
--- a/src/main/docbkx/security.xml
+++ b/src/main/docbkx/security.xml
@@ -454,6 +454,7 @@ HColumnDescriptor#setCompressTags(boolean compressTags)
 Put#add(byte[] family, byte [] qualifier, byte [] value, Tag[] tag)
 Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag)
     ]]></programlisting>
+
     <para> Some of the feature developed using tags are Cell level ACLs and Visibility labels. These
       are some features that use tags framework and allows users to gain better security features on
       cell level. </para>
@@ -465,6 +466,7 @@ Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag)
         linkend="hbase.visibility.labels">Visibility labels</link>
     </para>
   </section>
+
   <section
     xml:id="hbase.accesscontrol.configuration">
     <title>Access Control</title>
@@ -631,6 +633,7 @@ Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag)
       </table>
       <para> Permissions can be granted in any of the following scopes, though CREATE and ADMIN
         permissions are effective only at table scope. </para>
+
       <itemizedlist>
         <listitem>
           <para>Table</para>
@@ -684,6 +687,650 @@ Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag)
         table attribute. Only a single user principal can own a table at a given time. A table owner
         will have all permissions over a given table. </para>
     </section>
+    <section>
+      <title>Access Control Matrix</title>
+      <para>The following matrix shows the minimum permission set required to perform operations in
+        HBase. Before using the table, read through the information about how to interpret it.</para>
+      <variablelist>
+        <title>Interpreting the ACL Matrix Table</title>
+        <para>The following conventions are used in the ACL Matrix table:</para>
+        <varlistentry>
+          <term>Scopes</term>
+          <listitem>
+            <para>Permissions are evaluated starting at the widest scope and working to the
+              narrowest scope. A scope corresponds to a level of the data model. From broadest to
+              narrowest, the scopes are as follows::</para>
+            <itemizedlist>
+              <listitem><para>Global</para></listitem>
+              <listitem><para>Namespace (NS)</para></listitem>
+              <listitem><para>Table</para></listitem>
+              <listitem><para>Column Qualifier (CF)</para></listitem>
+              <listitem><para>Column Family (CQ)</para></listitem>
+              <listitem><para>Cell</para></listitem>
+            </itemizedlist>
+            <para>For instance, a permission granted at table level dominates any grants done at the
+              ColumnFamily, ColumnQualifier, or cell level. The user can do what that grant implies
+              at any location in the table. A permission granted at global scope dominates all: the
+              user is always allowed to take that action everywhere.</para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>Permissions</term>
+          <listitem>
+            <para>Possible permissions include the following:</para>
+            <itemizedlist>
+              <listitem><para>Superuser - a special user that belongs to group "supergroup" and has
+                unlimited access</para></listitem>
+              <listitem><para>Admin (A)</para></listitem>
+              <listitem><para>Create (C)</para></listitem>
+              <listitem><para>Write (W)</para></listitem>
+              <listitem><para>Read (R)</para></listitem>
+              <listitem><para>Execute (X)</para></listitem>
+            </itemizedlist>
+          </listitem>
+        </varlistentry>
+      </variablelist>
+
+      <para>For the most part, permissions work in an expected way, with the following caveats:</para>
+      <itemizedlist>
+        <listitem>
+          <para>Having Write permission does not imply Read permission. It is possible and sometimes
+          desirable for a user to be able to write data that same user cannot read. One such example
+          is a log-writing process.</para>
+        </listitem>
+        <listitem>
+          <para>Admin is a superset of Create, so a user with Admin permissions does not also need
+            Create permissions to perform an action such as creating a table.</para>
+        </listitem>
+        <listitem>
+          <para>The <systemitem>hbase:meta</systemitem> table is readable by every user, regardless
+            of the user's other grants or restrictions. This is a requirement for HBase to
+            function correctly.</para>
+        </listitem>
+        <listitem>
+          <para>Users with Create or Admin permissions are granted Write permission on meta regions,
+            so the table operations they are allowed to perform can complete, even if technically
+            the bits can be granted separately in any possible combination.</para>
+        </listitem>
+        <listitem>
+          <para><code>CheckAndPut</code> and <code>CheckAndDelete</code> operations will fail if the user does not have both
+            Write and Read permission.</para>
+        </listitem>
+        <listitem>
+          <para><code>Increment</code> and <code>Append</code> operations do not require Read access.</para>
+        </listitem>
+      </itemizedlist>
+
+      <para>The following table is sorted by the interface that provides each operation. In case the
+        table goes out of date, the unit tests which check for accuracy of permissions can be found
+        in
+          <filename>hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java</filename>,
+      and the access controls themselves can be examined in
+        <filename>hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java</filename>.</para>
+    
+      <table
+        frame="all">
+        <title>ACL Matrix</title>
+        <tgroup
+          cols="4">
+          <thead>
+            <row>
+              <entry>Interface</entry>
+              <entry>Operation</entry>
+              <entry>Minimum Scope</entry>
+              <entry>Minimum Permission</entry>
+            </row>
+          </thead>
+          <tbody>
+            <row>
+              <entry
+                morerows="27">
+                <!-- incrememt this if you add another "master" operation -->
+                <para>Master</para>
+              </entry>
+              <entry>
+                <para>createTable</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>modifyTable</para>
+              </entry>
+              <entry>
+                <para>Table</para>
+              </entry>
+              <entry>
+                <para>A|CW</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>deleteTable</para>
+              </entry>
+              <entry>
+                <para>Table</para>
+              </entry>
+              <entry>
+                <para>A|CW</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>truncateTable</para>
+              </entry>
+              <entry>
+                <para>Table</para>
+              </entry>
+              <entry>
+                <para>A|CW</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>addColumn</para>
+              </entry>
+              <entry>
+                <para>Table</para>
+              </entry>
+              <entry>
+                <para>A|CW</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>modifyColumn</para>
+              </entry>
+              <entry>
+                <para>Table</para>
+              </entry>
+              <entry>
+                <para>A|CW</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>deleteColumn</para>
+              </entry>
+              <entry>
+                <para>Table</para>
+              </entry>
+              <entry>
+                <para>A|CW</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>disableTable</para>
+              </entry>
+              <entry>
+                <para>Table</para>
+              </entry>
+              <entry>
+                <para>A|CW</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>disableAclTable</para>
+              </entry>
+              <entry>
+                <para>None</para>
+              </entry>
+              <entry>
+                <para>Not allowed</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>enableTable</para>
+              </entry>
+              <entry>
+                <para>Table</para>
+              </entry>
+              <entry>
+                <para>A|CW</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>move</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>assign</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>unassign</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>regionOffline</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>balance</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>balanceSwitch</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>shutdown</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>stopMaster</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>snapshot</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>clone</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>restore</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>deleteSnapshot</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>createNamespace</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>deleteNamespace</para>
+              </entry>
+              <entry>
+                <para>Namespace</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>modifyNamespace</para>
+              </entry>
+              <entry>
+                <para>Namespace</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>flushTable</para>
+              </entry>
+              <entry>
+                <para>Table</para>
+              </entry>
+              <entry>
+                <para>A|CW</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>getTableDescriptors</para>
+              </entry>
+              <entry>
+                <para>Global|Table</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>mergeRegions</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry
+                morerows="25">Region</entry>
+              <!-- Incrememt this if you add any more Region
+                operations -->
+              <entry>preOpen</entry>
+              <entry>Global</entry>
+              <entry>A</entry>
+            </row>
+            <row>
+              <entry>
+                <para>openRegion</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>preClose</entry>
+              <entry>Global</entry>
+              <entry>A</entry>
+            </row>
+            <row>
+              <entry>
+                <para>closeRegion</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>preStopRegionServer</entry>
+              <entry>Global</entry>
+              <entry>A</entry>
+            </row>
+            <row>
+              <entry>
+                <para>stopRegionServer</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>mergeRegions</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>append</entry>
+              <entry>Table</entry>
+              <entry>W</entry>
+            </row>
+            <row>
+              <entry>delete</entry>
+              <entry>Table|CF|CQ</entry>
+              <entry>W</entry>
+            </row>
+            <row>
+              <entry>exists</entry>
+              <entry>Table|CF|CQ</entry>
+              <entry>R</entry>
+            </row>
+            <row>
+              <entry>get</entry>
+              <entry>Table|CF|CQ</entry>
+              <entry>R</entry>
+            </row>
+            <row>
+              <entry>getClosestRowBefore</entry>
+              <entry>Table|CF|CQ</entry>
+              <entry>R</entry>
+            </row>
+            <row>
+              <entry>increment</entry>
+              <entry>Table|CF|CQ</entry>
+              <entry>W</entry>
+            </row>
+            <row>
+              <entry>put</entry>
+              <entry>Table|CF|CQ</entry>
+              <entry>W</entry>
+            </row>
+            <row>
+              <entry>
+                <para>flush</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A|CW</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>split</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>compact</para>
+              </entry>
+              <entry>
+                <para>Global</para>
+              </entry>
+              <entry>
+                <para>A|CW</para>
+              </entry>
+            </row>
+            <row>
+              <entry>bulkLoadHFile</entry>
+              <entry>Table</entry>
+              <entry>W</entry>
+            </row>
+            <row>
+              <entry>prepareBulkLoad</entry>
+              <entry>Table</entry>
+              <entry>CW</entry>
+            </row>
+            <row>
+              <entry>cleanupBulkLoad</entry>
+              <entry>Table</entry>
+              <entry>W</entry>
+            </row>
+            <row>
+              <entry>checkAndDelete</entry>
+              <entry>Table|CF|CQ</entry>
+              <entry>RW</entry>
+            </row>
+            <row>
+              <entry>checkAndPut</entry>
+              <entry>Table|CF|CQ</entry>
+              <entry>RW</entry>
+            </row>
+            <row>
+              <entry>incrementColumnValue</entry>
+              <entry>Table|CF|CQ</entry>
+              <entry>RW</entry>
+            </row>
+            <row>
+              <entry>ScannerClose</entry>
+              <entry>Table</entry>
+              <entry>R</entry>
+            </row>
+            <row>
+              <entry>ScannerNext</entry>
+              <entry>Table</entry>
+              <entry>R</entry>
+            </row>
+            <row>
+              <entry>ScannerOpen</entry>
+              <entry>Table|CQ|CF</entry>
+              <entry>R</entry>
+            </row>
+            <row>
+              <entry>
+                <para>Endpoint</para>
+              </entry>
+              <entry>
+                <para>invoke</para>
+              </entry>
+              <entry>Endpoint</entry>
+              <entry>
+                <para>X</para>
+              </entry>
+            </row>
+            <row>
+              <entry
+                morerows="3">
+                <para>AccessController</para>
+              </entry>
+              <entry>
+                <para>grant</para>
+              </entry>
+              <entry>Global|Table|NS</entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>revoke</para>
+              </entry>
+              <entry>Global|Table|NS</entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>userPermissions</para>
+              </entry>
+              <entry>
+                <para>Global|Table|NS</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+            <row>
+              <entry>
+                <para>checkPermissions</para>
+              </entry>
+              <entry>
+                <para>Global|Table|NS</para>
+              </entry>
+              <entry>
+                <para>A</para>
+              </entry>
+            </row>
+          </tbody>
+        </tgroup>
+      </table>
+    </section>
 
     <section>
       <title>Server-side Configuration for Access Control</title>
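Review bot: The scope list under "Interpreting the ACL Matrix Table" has the two column-level abbreviations swapped and in the wrong order: `<listitem><para>Column Qualifier (CF)</para></listitem>` precedes `<listitem><para>Column Family (CQ)</para></listitem>`, while the surrounding paragraph says the list runs from broadest to narrowest and the later prose and matrix cells use CF for family and CQ for qualifier (e.g. "ColumnFamily, ColumnQualifier, or cell level", `Table|CF|CQ`). Suggest `Column Family (CF)` followed by `Column Qualifier (CQ)`. Two other entries in the same section contradict each other: the caveat list states that `Increment` and `Append` operations do not require Read access, but the Region row for `incrementColumnValue` lists `RW` as its minimum permission; one of the two should be corrected, or the caveat should say which increment path it covers. Smaller points in this hunk: the trailing "follows::" has a doubled colon; the `ScannerOpen` row uses `Table|CQ|CF` where every other row writes `Table|CF|CQ`; the Endpoint row gives "Endpoint" as its Minimum Scope, which is not one of the six scopes the section defines; and both maintenance comments spell "incrememt". The `morerows` counts (27, 25, 3) do match the 28, 26 and 4 rows that follow them.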