You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Enis Soztutar (Created) (JIRA)" <ji...@apache.org> on 2012/02/07 00:18:59 UTC
[jira] [Created] (HBASE-5342) Grant/Revoke global permissions
Grant/Revoke global permissions
-------------------------------
Key: HBASE-5342
URL: https://issues.apache.org/jira/browse/HBASE-5342
Project: HBase
Issue Type: Improvement
Reporter: Enis Soztutar
Assignee: Enis Soztutar
HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13269005#comment-13269005 ]
Andrew Purtell commented on HBASE-5342:
---------------------------------------
The AccessControllerProtocol change is not backwards compatible. You should deprecate
{code}
public void grant(byte[] user, TablePermission permission)
{code}
and
{code}
public void revoke(byte[] user, TablePermission permission)
{code}
in 0.92 (and 0.94 if it's released already) and take them out in the next major rev after.
The new 'whoami' command for the shell is nice.
I also see some noise/whitespace refactoring around debug logging. That kind of change is a little annoying, it distracts from the logic changes. Just a suggestion for future changes.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Enis Soztutar (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Enis Soztutar updated HBASE-5342:
---------------------------------
Issue Type: Sub-task (was: Improvement)
Parent: HBASE-5352
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Enis Soztutar
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Zhihong Yu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Zhihong Yu updated HBASE-5342:
------------------------------
Comment: was deleted
(was: -1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12525018/HBASE-5342-v0.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 9 new or modified tests.
-1 patch. The patch command could not apply the patch.
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1684//console
This message is automatically generated.)
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273907#comment-13273907 ]
Hadoop QA commented on HBASE-5342:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12526614/HBASE-5342-v5.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 9 new or modified tests.
+1 hadoop23. The patch compiles against the hadoop 0.23.x profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
-1 findbugs. The patch appears to introduce 31 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.hbase.TestDrainingServer
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1857//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1857//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1857//console
This message is automatically generated.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13264546#comment-13264546 ]
Matteo Bertozzi commented on HBASE-5342:
----------------------------------------
{code}
Running org.apache.hadoop.hbase.security.TestUser
Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.955 sec
Results :
Tests run: 3, Failures: 0, Errors: 0, Skipped: 0
{code}
{code}
Running org.apache.hadoop.hbase.security.access.TestZKPermissionsWatcher
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 17.958 sec
Running org.apache.hadoop.hbase.security.access.TestAccessControlFilter
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 19.599 sec
Running org.apache.hadoop.hbase.security.access.TestAccessController
Tests run: 21, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 34.862 sec
Running org.apache.hadoop.hbase.security.access.TestTablePermissions
Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 30.704 sec
Results :
Tests run: 28, Failures: 0, Errors: 0, Skipped: 0
{code}
{code}
Running org.apache.hadoop.hbase.security.token.TestTokenAuthentication
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 12.026 sec
Running org.apache.hadoop.hbase.security.token.TestZKSecretWatcher
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 15.995 sec
Results :
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0
{code}
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Zhihong Yu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13278401#comment-13278401 ]
Zhihong Yu commented on HBASE-5342:
-----------------------------------
Integrated to 0.92 and 0.94
Thanks for the patch, Matteo (there was a duplicate copy in whoami.rb of 0.94 patch, I removed the extra one)
Thanks for the review, Andy.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13277965#comment-13277965 ]
Matteo Bertozzi commented on HBASE-5342:
----------------------------------------
@Andy, @Lars: Can we backport this to 0.92 and 0.94?
I've developed it on 0.92, since the code was the same from 0.92 to trunk.
And since the new functionality doesn't break the compatibility, I think that it is safe to backport. What do you think?
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Zhihong Yu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13264415#comment-13264415 ]
Zhihong Yu commented on HBASE-5342:
-----------------------------------
I got the following when applying the draft patch:
{code}
2 out of 9 hunks FAILED -- saving rejects to file security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java.rej
{code}
{code}
+ private void updateGlobalCache(ListMultimap<String,TablePermission> userPerms) {
{code}
I would expect Permission in the method signature above. Can the following method be changed to return ListMultimap<String, Permission> ?
{code}
ListMultimap<String,TablePermission> perms = AccessControlLists.readPermissions(in, conf);
{code}
{code}
- Set<String> tableSet = new HashSet<String>();
+ Set<byte[]> tableSet = new HashSet<byte[]>();
{code}
HashSet is backed by HashMap: see line 93 of http://www.docjar.com/html/api/java/util/HashSet.java.html
I think a proper comparator should be used above.
{code}
+ * Returns true if this permission describe a user global permission.
{code}
Should read 'describes a global user permission'
{code}
+ raise(ArgumentError, "Can't find a family: #{family}") unless htd.hasFamily(family.to_java_bytes)
{code}
Line exceeds 100 chars. Remove the 'a' before 'family' or replace it with 'the'.
{code}
+ user_permission = org.apache.hadoop.hbase.security.access.UserPermission.new(user.to_java_bytes, table_name.to_java_bytes, fambytes, qualbytes, "".to_java_bytes)
{code}
Above line is too long. Length should be no longer than 100 chars. Same with the assignment in the else block below.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13279411#comment-13279411 ]
Hudson commented on HBASE-5342:
-------------------------------
Integrated in HBase-0.94-security #27 (See [https://builds.apache.org/job/HBase-0.94-security/27/])
HBASE-5342 Grant/Revoke global permissions (Matteo) (Revision 1339922)
Result = SUCCESS
tedyu :
Files :
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
* /hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
* /hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
* /hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
* /hbase/branches/0.94/src/main/ruby/hbase/security.rb
* /hbase/branches/0.94/src/main/ruby/shell.rb
* /hbase/branches/0.94/src/main/ruby/shell/commands/grant.rb
* /hbase/branches/0.94/src/main/ruby/shell/commands/revoke.rb
* /hbase/branches/0.94/src/main/ruby/shell/commands/user_permission.rb
* /hbase/branches/0.94/src/main/ruby/shell/commands/whoami.rb
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Zhihong Yu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Zhihong Yu updated HBASE-5342:
------------------------------
Fix Version/s: 0.94.1
0.96.0
0.92.2
Hadoop Flags: Reviewed
Targeting 0.92.2
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Zhihong Yu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273040#comment-13273040 ]
Zhihong Yu commented on HBASE-5342:
-----------------------------------
For getTablePermissions():
{code}
if (Bytes.equals(tableName, HConstants.ROOT_TABLE_NAME) ||
- Bytes.equals(tableName, HConstants.META_TABLE_NAME) ||
- Bytes.equals(tableName, AccessControlLists.ACL_TABLE_NAME)) {
+ Bytes.equals(tableName, HConstants.META_TABLE_NAME)) {
{code}
Why is ACL_TABLE_NAME removed from the condition above ?
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: (was: HBASE-5342-v0.patch)
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Status: Patch Available (was: Open)
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi reassigned HBASE-5342:
--------------------------------------
Assignee: Matteo Bertozzi (was: Enis Soztutar)
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13278387#comment-13278387 ]
Andrew Purtell commented on HBASE-5342:
---------------------------------------
bq. I think that it is safe to backport. What do you think?
+1, we should keep the AccessController code in sync across trunk, 0.94, and 0.92 until finally there is some incompatible change on trunk; then as close as possible.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-v0.patch
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Zhihong Yu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273663#comment-13273663 ]
Zhihong Yu commented on HBASE-5342:
-----------------------------------
@Matteo:
Looks like HBASE-5732 went in :-)
Do you mind rebasing your patch ?
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-v5.patch
patch rebased, HBASE-5732 went in.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-v0.patch
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-v1.patch
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273951#comment-13273951 ]
Hudson commented on HBASE-5342:
-------------------------------
Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #2 (See [https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/2/])
HBASE-5342 Grant/Revoke global permissions (Matteo Bertozzi) (Revision 1337499)
Result = FAILURE
tedyu :
Files :
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
* /hbase/trunk/src/main/ruby/hbase/security.rb
* /hbase/trunk/src/main/ruby/shell.rb
* /hbase/trunk/src/main/ruby/shell/commands/grant.rb
* /hbase/trunk/src/main/ruby/shell/commands/revoke.rb
* /hbase/trunk/src/main/ruby/shell/commands/user_permission.rb
* /hbase/trunk/src/main/ruby/shell/commands/whoami.rb
* /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
* /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
* /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13264514#comment-13264514 ]
Hadoop QA commented on HBASE-5342:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12525018/HBASE-5342-v0.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 9 new or modified tests.
-1 patch. The patch command could not apply the patch.
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1684//console
This message is automatically generated.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Zhihong Yu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273913#comment-13273913 ]
Zhihong Yu commented on HBASE-5342:
-----------------------------------
Failed test is covered by HBASE-5992.
Integrated to trunk.
Thanks for the patch, Matteo.
Thanks for the review, Andy.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: (was: HBASE-5342-draft.patch)
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273506#comment-13273506 ]
Hadoop QA commented on HBASE-5342:
----------------------------------
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12526549/HBASE-5342-v4.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 9 new or modified tests.
+1 hadoop23. The patch compiles against the hadoop 0.23.x profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in .
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1849//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1849//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1849//console
This message is automatically generated.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-draft.patch
I've attached a first draft, if someone want start to reviewing it.
I still have to add and fix unit tests, and add some comments in hbase shell and some other parts of the code.
Another part that is missing is HBASE-5385 that I'm going to implement once this is done.
but any feedback is apreciated.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13264528#comment-13264528 ]
Hadoop QA commented on HBASE-5342:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12525020/HBASE-5342-v0.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 9 new or modified tests.
+1 hadoop23. The patch compiles against the hadoop 0.23.x profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
-1 findbugs. The patch appears to introduce 2 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in .
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1685//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1685//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1685//console
This message is automatically generated.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273947#comment-13273947 ]
Hudson commented on HBASE-5342:
-------------------------------
Integrated in HBase-TRUNK #2875 (See [https://builds.apache.org/job/HBase-TRUNK/2875/])
HBASE-5342 Grant/Revoke global permissions (Matteo Bertozzi) (Revision 1337499)
Result = FAILURE
tedyu :
Files :
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java
* /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
* /hbase/trunk/src/main/ruby/hbase/security.rb
* /hbase/trunk/src/main/ruby/shell.rb
* /hbase/trunk/src/main/ruby/shell/commands/grant.rb
* /hbase/trunk/src/main/ruby/shell/commands/revoke.rb
* /hbase/trunk/src/main/ruby/shell/commands/user_permission.rb
* /hbase/trunk/src/main/ruby/shell/commands/whoami.rb
* /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
* /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
* /hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Zhihong Yu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13264539#comment-13264539 ]
Zhihong Yu commented on HBASE-5342:
-----------------------------------
@Matteo:
Can you run the new patch for security profile and let us know the result ?
Thanks
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13272915#comment-13272915 ]
Hadoop QA commented on HBASE-5342:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12526440/HBASE-5342-v3.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 9 new or modified tests.
+1 hadoop23. The patch compiles against the hadoop 0.23.x profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.hbase.TestRegionRebalancing
org.apache.hadoop.hbase.TestDrainingServer
org.apache.hadoop.hbase.coprocessor.TestClassLoading
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1841//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1841//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1841//console
This message is automatically generated.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-v1.patch
Don't remove the grant/revoke with user and TablePermission, mark as deprecated and convert to UserPermission.
Add pre/postHandler() to avoid compilation failure introduced with HBASE-5584.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-0.94.patch
HBASE-5342-0.92.patch
the 0.92/0.94 version
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13269243#comment-13269243 ]
Hadoop QA commented on HBASE-5342:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12525774/HBASE-5342-v1.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 9 new or modified tests.
+1 hadoop23. The patch compiles against the hadoop 0.23.x profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.hbase.regionserver.wal.TestLogRollingNoCluster
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1784//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1784//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1784//console
This message is automatically generated.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260273#comment-13260273 ]
Matteo Bertozzi commented on HBASE-5342:
----------------------------------------
@Enis are you planning to release something soon?
otherwise I can work on that. Do you have already a draft/notes or can I start from scratch?
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Enis Soztutar
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (HBASE-5342) Grant/Revoke global permissions
Posted by "Lars Hofhansl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lars Hofhansl closed HBASE-5342.
--------------------------------
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Fix For: 0.92.2, 0.94.1, 0.96.0
>
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-v3.patch
Keep the old protocol version
mark "old" grant/revoke as deprecated
catch if server doesn't support new grant/revoke with global and fallback to the old method if necessary.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13269225#comment-13269225 ]
Hadoop QA commented on HBASE-5342:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12525773/HBASE-5342-v1.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 9 new or modified tests.
-1 patch. The patch command could not apply the patch.
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1783//console
This message is automatically generated.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: (was: HBASE-5342-v0.patch)
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13264506#comment-13264506 ]
Hadoop QA commented on HBASE-5342:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12525012/HBASE-5342-v0.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 9 new or modified tests.
+1 hadoop23. The patch compiles against the hadoop 0.23.x profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
-1 findbugs. The patch appears to introduce 2 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.hbase.replication.TestReplication
org.apache.hadoop.hbase.client.TestShell
org.apache.hadoop.hbase.master.TestAssignmentManager
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1683//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1683//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1683//console
This message is automatically generated.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13264472#comment-13264472 ]
Matteo Bertozzi commented on HBASE-5342:
----------------------------------------
@Zhihong sorry I forgot to say that I'm coding it against 0.92, since is a bit more stable/testable than trunk. But the patch should apply fine to 0.94 too. I'll port it to trunk once is done.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13278474#comment-13278474 ]
Hudson commented on HBASE-5342:
-------------------------------
Integrated in HBase-0.94 #199 (See [https://builds.apache.org/job/HBase-0.94/199/])
HBASE-5342 Grant/Revoke global permissions (Matteo) (Revision 1339922)
Result = FAILURE
tedyu :
Files :
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
* /hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
* /hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
* /hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
* /hbase/branches/0.94/src/main/ruby/hbase/security.rb
* /hbase/branches/0.94/src/main/ruby/shell.rb
* /hbase/branches/0.94/src/main/ruby/shell/commands/grant.rb
* /hbase/branches/0.94/src/main/ruby/shell/commands/revoke.rb
* /hbase/branches/0.94/src/main/ruby/shell/commands/user_permission.rb
* /hbase/branches/0.94/src/main/ruby/shell/commands/whoami.rb
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Enis Soztutar (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13202905#comment-13202905 ]
Enis Soztutar commented on HBASE-5342:
--------------------------------------
I'll work on this once I find some time.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Improvement
> Reporter: Enis Soztutar
> Assignee: Enis Soztutar
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Gary Helmling (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13202093#comment-13202093 ]
Gary Helmling commented on HBASE-5342:
--------------------------------------
Some of the building blocks for this are already in place. It shouldn't be too difficult to fill in the missing pieces. Would be great to see this completed.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Improvement
> Reporter: Enis Soztutar
> Assignee: Enis Soztutar
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13274022#comment-13274022 ]
Matteo Bertozzi commented on HBASE-5342:
----------------------------------------
{code}
Running org.apache.hadoop.hbase.security.token.TestTokenAuthentication
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 22.058 sec
Running org.apache.hadoop.hbase.security.token.TestZKSecretWatcher
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 15.702 sec
Results :
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0
{code}
{code}
Running org.apache.hadoop.hbase.security.access.TestZKPermissionsWatcher
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 20.706 sec
Running org.apache.hadoop.hbase.security.access.TestAccessControlFilter
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 23.621 sec
Running org.apache.hadoop.hbase.security.access.TestAccessController
Tests run: 21, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 37.041 sec
Running org.apache.hadoop.hbase.security.access.TestTablePermissions
Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 34.577 sec
Results :
Tests run: 28, Failures: 0, Errors: 0, Skipped: 0
{code}
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13274023#comment-13274023 ]
Hadoop QA commented on HBASE-5342:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12526640/HBASE-5342-0.94.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 9 new or modified tests.
-1 patch. The patch command could not apply the patch.
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1861//console
This message is automatically generated.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13270647#comment-13270647 ]
Hadoop QA commented on HBASE-5342:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12526007/HBASE-5342-v2.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 9 new or modified tests.
+1 hadoop23. The patch compiles against the hadoop 0.23.x profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1797//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1797//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1797//console
This message is automatically generated.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-draft.patch
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-v2.patch
Make the patch compile again, after HBASE-5584 AccessController build fix
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: (was: HBASE-5342-v1.patch)
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13271001#comment-13271001 ]
Andrew Purtell commented on HBASE-5342:
---------------------------------------
@Jon: Noted, thanks for the clarification!
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273923#comment-13273923 ]
Matteo Bertozzi commented on HBASE-5342:
----------------------------------------
Can we backport this to 0.92 and 0.94? the security/access code is the same and this one doesn't break the compatibility.
I'll attach a patch later for 0.92/0.94.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Zhihong Yu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273447#comment-13273447 ]
Zhihong Yu commented on HBASE-5342:
-----------------------------------
Nice work.
Why is TreeSet needed below ?
{code}
- Set<String> tableSet = new HashSet<String>();
+ Set<byte[]> tableSet = new TreeSet<byte[]>(Bytes.BYTES_COMPARATOR);
{code}
{code}
+ // Users with CREATE/ADMIN Rights needs to modify .META. and _acl_ table
{code}
'needs to' -> 'need to'
{code}
+ // e.g. new table writes in .META. remove table writes in .META. and _acl_.
{code}
Please rewrite the above so that it is clearer.
{code}
+ return AuthResult.allow("Table permission granted", user, permRequest, tableName);
{code}
Minor: there is a white space at the end of above line - I found it on review board.
{code}
+ * Returns true if this permission describes a user global permission.
{code}
'user global' -> 'global user'
For whoami.rb, it contains the same contents 4 times. Please remove 3 of them.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273424#comment-13273424 ]
Matteo Bertozzi commented on HBASE-5342:
----------------------------------------
getTablePermissions() returns the permission for the specified table is used by AccessController.updateAcl() to write to zookeeper nodes the table permissions.
We can skip root & meta because they are handled as a special case, mostly in AccessController.permissionGranted(), while the acl table is used to store the global permissions. So instead of return an empty listMap we return the global permissions.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Zhihong Yu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273929#comment-13273929 ]
Zhihong Yu commented on HBASE-5342:
-----------------------------------
@Matteo:
Please run through corresponding test suite before posting backport.
@Andy, @Lars:
What do you think of the backport ?
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13278520#comment-13278520 ]
Hudson commented on HBASE-5342:
-------------------------------
Integrated in HBase-0.92-security #107 (See [https://builds.apache.org/job/HBase-0.92-security/107/])
HBASE-5342 Grant/Revoke global permissions (Matteo) (Revision 1339924)
Result = FAILURE
tedyu :
Files :
* /hbase/branches/0.92/CHANGES.txt
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
* /hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
* /hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
* /hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
* /hbase/branches/0.92/src/main/ruby/hbase/security.rb
* /hbase/branches/0.92/src/main/ruby/shell.rb
* /hbase/branches/0.92/src/main/ruby/shell/commands/grant.rb
* /hbase/branches/0.92/src/main/ruby/shell/commands/revoke.rb
* /hbase/branches/0.92/src/main/ruby/shell/commands/user_permission.rb
* /hbase/branches/0.92/src/main/ruby/shell/commands/whoami.rb
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: (was: HBASE-5342-draft.patch)
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-v4.patch
@Zhihong Yu thanks for the review
{quote}Why is TreeSet needed below ?{quote}
I've changed from String to byte[] and so I've switched to TreeMap, anyway there're no much entry
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13270635#comment-13270635 ]
Andrew Purtell commented on HBASE-5342:
---------------------------------------
@Matteo,
To maintain compatibility in HBase aka Hadoop RPC as it currently works, you must insure:
- The new methods must be placed after all others in the interface. If the order of existing methods in the interface changes, it won't work.
- Do not change VERSION in VersionedProtocols (which CoprocessorProtocol inherits from). This doesn't allow backwards compatibility, it tells the client to go away if different. We can use it to fast fail incompatible clients after a deprecation is complete but not during the transition.
- Then, if the new methods are not available, on the client side you can catch NoSuchMethodException from the remote and use an alternate API strategy.
As you can imagine, it is a great thing we are migrating all of our RPC protocols to protobufs for 0.96+, it has a cross-version story that avoids kludges like the above. Unfortunately, the above is currently necessary.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Jonathan Hsieh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13270987#comment-13270987 ]
Jonathan Hsieh commented on HBASE-5342:
---------------------------------------
Andrew: I don't think the order matters anymore -- I checked this when I added the offline method to 0.90. Rpcs actually send their names across the wire!
See here on HBASE-5589.
https://issues.apache.org/jira/browse/HBASE-5589?focusedCommentId=13233923&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13233923
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13278553#comment-13278553 ]
Hudson commented on HBASE-5342:
-------------------------------
Integrated in HBase-0.92 #411 (See [https://builds.apache.org/job/HBase-0.92/411/])
HBASE-5342 Grant/Revoke global permissions (Matteo) (Revision 1339924)
Result = FAILURE
tedyu :
Files :
* /hbase/branches/0.92/CHANGES.txt
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java
* /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
* /hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
* /hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
* /hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
* /hbase/branches/0.92/src/main/ruby/hbase/security.rb
* /hbase/branches/0.92/src/main/ruby/shell.rb
* /hbase/branches/0.92/src/main/ruby/shell/commands/grant.rb
* /hbase/branches/0.92/src/main/ruby/shell/commands/revoke.rb
* /hbase/branches/0.92/src/main/ruby/shell/commands/user_permission.rb
* /hbase/branches/0.92/src/main/ruby/shell/commands/whoami.rb
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5342-0.92.patch, HBASE-5342-0.94.patch, HBASE-5342-draft.patch, HBASE-5342-v0.patch, HBASE-5342-v1.patch, HBASE-5342-v2.patch, HBASE-5342-v3.patch, HBASE-5342-v4.patch, HBASE-5342-v5.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-v0.patch
The only difference between 0.92/0.94 and trunk is this commit:
https://github.com/apache/hbase/commit/19167af652aeb14979146c7bf312cf5925717190
So if we backport in 0.92/0.94 the posted patch apply without problem.
{quote}
{code}
+ private void updateGlobalCache(ListMultimap<String,TablePermission> userPerms) {
{code}
I would expect Permission in the method signature above. Can the following method be changed to return ListMultimap<String, Permission> ?
{quote}
...I know, but I've tried to stay as close as possible with the current implementation. The global permission is just the same as permission on acl table.
Maybe we can open a new jira to refactor Permission/TablePermission/UserPermission.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch, HBASE-5342-v0.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5342) Grant/Revoke global permissions
Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5342:
-----------------------------------
Attachment: HBASE-5342-draft.patch
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5342-draft.patch
>
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5342) Grant/Revoke global permissions
Posted by "Enis Soztutar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-5342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13261149#comment-13261149 ]
Enis Soztutar commented on HBASE-5342:
--------------------------------------
@Matteo, I do not plan to work on this in the near future, feel free to take a shot. As Gary mentioned, there is already the infrastructure to manage and distribute ACL changes to region servers. I think for this, we should just reuse those. For the hbase shell, we just need to make table argument optional, and change the AccessControlProtocol.grant()/revoke() methods to accept Permission objects rather than TablePermission objects.
> Grant/Revoke global permissions
> -------------------------------
>
> Key: HBASE-5342
> URL: https://issues.apache.org/jira/browse/HBASE-5342
> Project: HBase
> Issue Type: Sub-task
> Reporter: Enis Soztutar
> Assignee: Enis Soztutar
>
> HBASE-3025 introduced simple ACLs based on coprocessors. It defines global/table/cf/cq level permissions. However, there is no way to grant/revoke global level permissions, other than the hbase.superuser conf setting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira