You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2012/06/09 01:13:24 UTC

[jira] [Comment Edited] (HBASE-6188) Remove the concept of table owner

    [ https://issues.apache.org/jira/browse/HBASE-6188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13292076#comment-13292076 ] 

Andrew Purtell edited comment on HBASE-6188 at 6/8/12 11:12 PM:
----------------------------------------------------------------

bq. Should we allow users with "C" to perform DDL?

That makes sense. CREATE permissions allow DDL but only ADMIN permission can do things like force flush, force split, etc. 

Edit: Another consideration is CREATE could do DDL if online schema update is possible, but won't have permission if the table must be offlined (which would require ADMIN). The objective is to maintain the legacy CREATE permission with sufficient and useful distinction from ADMIN. If the distinction is not useful, we can consider alternatives.
                
      was (Author: apurtell):
    bq. Should we allow users with "C" to perform DDL?

That makes sense. CREATE permissions allow DDL but only ADMIN permission can do things like force flush, force split, etc. 
                  
> Remove the concept of table owner
> ---------------------------------
>
>                 Key: HBASE-6188
>                 URL: https://issues.apache.org/jira/browse/HBASE-6188
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Andrew Purtell
>            Assignee: Laxman
>              Labels: security
>
> The table owner concept was a design simplification in the initial drop.
> First, the design changes under review means only a user with GLOBAL CREATE permission can create a table, which will probably be an administrator.
> Then, granting implicit permissions may lead to oversights and it adds unnecessary conditionals to our code. So instead the administrator with GLOBAL CREATE permission should make the appropriate grants at table create time.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira