Yi Mei created HBASE-21995: ------------------------------ Summary: Add a coprocessor to set HDFS ACL for hbase granted user Key: HBASE-21995 URL: https://issues.apache.org/jira/browse/HBASE-21995 Project: HBase Issue Type: Sub-task Reporter: Yi Mei
To make hbase granted user have the access to scan table snapshots, use HDFS ACLs to set user read permission over hfiles. The basic implementation is: 1. For public directories such as 'data' and 'archive', set other users' permission to '--x' to make everyone have the permission to access the directory. 2. For namespace or table directories such as 'data/ns/table', 'archive/ns/table' and '.hbase-snapshot/snapshotName', set user 'r-x' acl and default 'r-x' acl when following operations happen: grant to namespace or table / revoke from namespace or table / snapshot table For more details, please reference the design doc: https://docs.google.com/document/d/1D2iAdbrW5CcKc2SthJBXA1n2tTMTftuVaFtxbOWFuqM/edit#heading=h.uwo33s7kz427 -- This message was sent by Atlassian JIRA (v7.6.3#76005)