You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ss...@apache.org on 2015/04/27 05:13:55 UTC

hbase git commit: HBASE-13359 Update ACL matrix to include table owner.

Repository: hbase
Updated Branches:
  refs/heads/master 75507af9f -> 4182fc1a9


HBASE-13359 Update ACL matrix to include table owner.


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/4182fc1a
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/4182fc1a
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/4182fc1a

Branch: refs/heads/master
Commit: 4182fc1a9bc261f50efd7efd27c61a702bc1bfbf
Parents: 75507af
Author: Srikanth Srungarapu <ss...@cloudera.com>
Authored: Sun Apr 26 20:13:23 2015 -0700
Committer: Srikanth Srungarapu <ss...@cloudera.com>
Committed: Sun Apr 26 20:13:23 2015 -0700

----------------------------------------------------------------------
 .../asciidoc/_chapters/appendix_acl_matrix.adoc | 94 ++++++++++----------
 1 file changed, 47 insertions(+), 47 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/4182fc1a/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc b/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc
index bf35c1a..cb285f3 100644
--- a/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc
+++ b/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc
@@ -81,77 +81,77 @@ In case the table goes out of date, the unit tests which check for accuracy of p
 |===
 | Interface | Operation | Permissions
 | Master | createTable | superuser\|global\(C)\|NS\(C)
-|        | modifyTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C)
-|        | deleteTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C)
-|        | truncateTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C)
-|        | addColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C)
-|        | modifyColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C)\|column(A)\|column\(C)
-|        | deleteColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C)\|column(A)\|column\(C)
-|        | enableTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C)
-|        | disableTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C)
+|        | modifyTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
+|        | deleteTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
+|        | truncateTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
+|        | addColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
+|        | modifyColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)\|column(A)\|column\(C)
+|        | deleteColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)\|column(A)\|column\(C)
+|        | enableTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
+|        | disableTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
 |        | disableAclTable | Not allowed
-|        | move | superuser\|global(A)\|NS(A)\|Table(A)
-|        | assign | superuser\|global(A)\|NS(A)\|Table(A)
-|        | unassign | superuser\|global(A)\|NS(A)\|Table(A)
-|        | regionOffline | superuser\|global(A)\|NS(A)\|Table(A)
+|        | move | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
+|        | assign | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
+|        | unassign | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
+|        | regionOffline | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
 |        | balance | superuser\|global(A)
 |        | balanceSwitch | superuser\|global(A)
 |        | shutdown | superuser\|global(A)
 |        | stopMaster | superuser\|global(A)
-|        | snapshot | superuser\|global(A)\|NS(A)\|Table(A)
+|        | snapshot | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
 |        | listSnapshot | superuser\|global(A)\|SnapshotOwner
 |        | cloneSnapshot | superuser\|global(A)
-|        | restoreSnapshot | superuser\|global(A)\|SnapshotOwner & (NS(A)\|Table(A))
+|        | restoreSnapshot | superuser\|global(A)\|SnapshotOwner & (NS(A)\|TableOwner\|table(A))
 |        | deleteSnapshot | superuser\|global(A)\|SnapshotOwner
 |        | createNamespace | superuser\|global(A)
 |        | deleteNamespace | superuser\|global(A)
 |        | modifyNamespace | superuser\|global(A)
 |        | getNamespaceDescriptor | superuser\|global(A)\|NS(A)
 |        | listNamespaceDescriptors* | superuser\|global(A)\|NS(A)
-|        | flushTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS(\C)\|table(A)\|table\(C)
-|        | getTableDescriptors* | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C)
-|        | getTableNames* | Any global or table perm
+|        | flushTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
+|        | getTableDescriptors* | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
+|        | getTableNames* | superuser\|TableOwner\|Any global or table perm
 |        | setUserQuota(global level) | superuser\|global(A)
 |        | setUserQuota(namespace level) | superuser\|global(A)
-|        | setUserQuota(Table level) | superuser\|global(A)\|NS(A)\|Table(A)
-|        | setTableQuota | superuser\|global(A)\|NS(A)\|Table(A)
+|        | setUserQuota(Table level) | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
+|        | setTableQuota | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
 |        | setNamespaceQuota | superuser\|global(A)
 | Region | openRegion | superuser\|global(A)
 |        | closeRegion | superuser\|global(A)
-|        | flush | superuser\|global(A)\|global\(C)\|table(A)\|table\(C)
-|        | split | superuser\|global(A)\|Table(A)
-|        | compact | superuser\|global(A)\|global\(C)\|table(A)\|table\(C)
-|        | getClosestRowBefore | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R)
-|        | getOp | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R)
-|        | exists | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R)
-|        | put | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W)
-|        | delete | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W)
-|        | batchMutate | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W)
-|        | checkAndPut | superuser\|global(RW)\|NS(RW)\|Table(RW)\|CF(RW)\|CQ(RW)
-|        | checkAndPutAfterRowLock | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R)
-|        | checkAndDelete   | superuser\|global(RW)\|NS(RW)\|Table(RW)\|CF(RW)\|CQ(RW)
-|        | checkAndDeleteAfterRowLock | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R)
-|        | incrementColumnValue | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W)
-|        | append | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W)
-|        | appendAfterRowLock | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W)
-|        | increment | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W)
-|        | incrementAfterRowLock | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W)
-|        | scannerOpen | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R)
-|        | scannerNext | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R)
-|        | scannerClose | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R)
-|        | bulkLoadHFile | superuser\|global\(C)\|table\(C)\|CF\(C)
-|        | prepareBulkLoad | superuser\|global\(C)\|table\(C)\|CF\(C)
-|        | cleanupBulkLoad | superuser\|global\(C)\|table\(C)\|CF\(C)
-| Endpoint | invoke | superuser\|global(X)\|NS(X)\|Table(X)
+|        | flush | superuser\|global(A)\|global\(C)\|TableOwner\|table(A)\|table\(C)
+|        | split | superuser\|global(A)\|TableOwner\|TableOwner\|table(A)
+|        | compact | superuser\|global(A)\|global\(C)\|TableOwner\|table(A)\|table\(C)
+|        | getClosestRowBefore | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
+|        | getOp | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
+|        | exists | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
+|        | put | superuser\|global(W)\|NS(W)\|table(W)\|TableOwner\|CF(W)\|CQ(W)
+|        | delete | superuser\|global(W)\|NS(W)\|table(W)\|TableOwner\|CF(W)\|CQ(W)
+|        | batchMutate | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
+|        | checkAndPut | superuser\|global(RW)\|NS(RW)\|TableOwner\|table(RW)\|CF(RW)\|CQ(RW)
+|        | checkAndPutAfterRowLock | superuser\|global\(R)\|NS\(R)\|TableOwner\|Table\(R)\|CF\(R)\|CQ\(R)
+|        | checkAndDelete   | superuser\|global(RW)\|NS(RW)\|TableOwner\|table(RW)\|CF(RW)\|CQ(RW)
+|        | checkAndDeleteAfterRowLock | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
+|        | incrementColumnValue | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
+|        | append | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
+|        | appendAfterRowLock | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
+|        | increment | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
+|        | incrementAfterRowLock | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
+|        | scannerOpen | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
+|        | scannerNext | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
+|        | scannerClose | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
+|        | bulkLoadHFile | superuser\|global\(C)\|TableOwner\|table\(C)\|CF\(C)
+|        | prepareBulkLoad | superuser\|global\(C)\|TableOwner\|table\(C)\|CF\(C)
+|        | cleanupBulkLoad | superuser\|global\(C)\|TableOwner\|table\(C)\|CF\(C)
+| Endpoint | invoke | superuser\|global(X)\|NS(X)\|TableOwner\|table(X)
 | AccessController | grant(global level) | global(A)
 |                  | grant(namespace level) | global(A)\|NS(A)
-|                  | grant(table level) | global(A)\|NS(A)\|table(A)\|CF(A)\|CQ(A)
+|                  | grant(table level) | global(A)\|NS(A)\|TableOwner\|table(A)\|CF(A)\|CQ(A)
 |                  | revoke(global level) | global(A)
 |                  | revoke(namespace level) | global(A)\|NS(A)
-|                  | revoke(table level) | global(A)\|NS(A)\|table(A)\|CF(A)\|CQ(A)
+|                  | revoke(table level) | global(A)\|NS(A)\|TableOwner\|table(A)\|CF(A)\|CQ(A)
 |                  | getUserPermissions(global level) | global(A)
 |                  | getUserPermissions(namespace level) | global(A)\|NS(A)
-|                  | getUserPermissions(table level) | global(A)\|NS(A)\|table(A)\|CF(A)\|CQ(A)
+|                  | getUserPermissions(table level) | global(A)\|NS(A)\|TableOwner\|table(A)\|CF(A)\|CQ(A)
 | RegionServer | stopRegionServer | superuser\|global(A)
 |              | mergeRegions | superuser\|global(A)
 |              | rollWALWriterRequest | superuser\|global(A)