[ 
https://issues.apache.org/jira/browse/HBASE-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13739174#comment-13739174
 ] 

Francis Liu commented on HBASE-9206:
------------------------------------

{quote}
I see namespaces as another level in a hierarchy of grants: cell, column 
family, table, namespace, global. List that out in the inverse for the 
dominance relationship. If we do that, then it addresses:
{quote}
I see. In that case, 6-10 should directly map to RWXCA for consistency.

{quote}
and also tangentially related to HBASE-8692, here's a thought: We could 
introduce a new permission 'S' (SCHEMA) for accessing and manipulating table 
and namespace schema.
{quote}
Shouldn't 'R' on a table be enough to read schema and 'S' for manipulating it? 
Small nitpick, namespace doesn't have schema. So maybe 'M' would be better for 
metadata?

For #4. On a "list by namespace" command, how about we hide tables a user does 
not have any privilege to? Though this seems a bit difficult when it comes down to 
cell. Or can we make cell level an exception?

For #5. If you have a namespace 'C' then it should translate to being able to 
create a table in a namespace.

                
> namespace permissions
> ---------------------
>
>                 Key: HBASE-9206
>                 URL: https://issues.apache.org/jira/browse/HBASE-9206
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Francis Liu
>
> Now that we have namespaces let's address how we can give admins more 
> flexibility.
> Let's list out the privileges we'd like. Then we can map it to existing 
> privileges and see if we need more. 
> So far we have:
> 1. Modify namespace descriptor (ie quota, other values)
> 2. create namespace
> 3. delete namespace
> 4. list tables in namespace
> 5. create/drop tables in a namespace
> 6. All namespace's tables create
> 7. All namespace's tables write
> 8. All namespace's tables execute
> 9. All namespace's tables delete
> 10. All namespace's tables admin
> 1-3 are currently set to global admin only, which seems acceptable to me.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
