You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Guanghao Zhang (JIRA)" <ji...@apache.org> on 2019/03/11 07:40:00 UTC
[jira] [Comment Edited] (HBASE-21995) Add a coprocessor to set HDFS
ACL for hbase granted user
[ https://issues.apache.org/jira/browse/HBASE-21995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16789249#comment-16789249 ]
Guanghao Zhang edited comment on HBASE-21995 at 3/11/19 7:39 AM:
-----------------------------------------------------------------
Yes. We need a consensus result about this. Then start work for this. [~Yi Mei]
[~reidchan] Let's move to the parent issue to discuss about this feature?
was (Author: zghaobac):
Yes. We need a consensus result about this. Then start work for this. [~Yi Mei]
[~reidchan] Let's move the parent issue to discuss about this feature?
> Add a coprocessor to set HDFS ACL for hbase granted user
> --------------------------------------------------------
>
> Key: HBASE-21995
> URL: https://issues.apache.org/jira/browse/HBASE-21995
> Project: HBase
> Issue Type: Sub-task
> Reporter: Yi Mei
> Priority: Major
>
> To make hbase granted user have the access to scan table snapshots, use HDFS ACLs to set user read permission over hfiles.
> The basic implementation is:
> 1. For public directories such as 'data' and 'archive', set other users' permission to '--x' to make everyone have the permission to access the directory.
> 2. For namespace or table directories such as 'data/ns/table', 'archive/ns/table' and '.hbase-snapshot/snapshotName', set user 'r-x' acl and default 'r-x' acl when following operations happen:
> grant to namespace or table / revoke from namespace or table / snapshot table
>
> For more details, please reference the design doc: https://docs.google.com/document/d/1D2iAdbrW5CcKc2SthJBXA1n2tTMTftuVaFtxbOWFuqM/edit#heading=h.uwo33s7kz427
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)