[
https://issues.apache.org/jira/browse/HBASE-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13739192#comment-13739192
]
Francis Liu commented on HBASE-9206:
------------------------------------
{quote}
and also tangentially related to HBASE-8692, here's a thought: We could
introduce a new permission 'S' (SCHEMA) for accessing and manipulating table
and namespace schema.
{quote}
Thinking about this more we already have 'A' for manipulating table schema. Tho
I don't want namespace 'A' to permit namespace metadata manipulation as that's
where we'll store quota information. So if we only allow global 'A' to
manipulate namespace metadata then we're set?
> namespace permissions
> ---------------------
>
> Key: HBASE-9206
> URL: https://issues.apache.org/jira/browse/HBASE-9206
> Project: HBase
> Issue Type: Sub-task
> Reporter: Francis Liu
>
> Now that we have namespaces let's address how we can give admins more
> flexibility.
> Let's list out the privileges we'd like. Then we can map it to existing
> privileges and see if we need more.
> So far we have:
> 1. Modify namespace descriptor (ie quota, other values)
> 2. create namespace
> 3. delete namespace
> 4. list tables in namespace
> 5. create/drop tables in a namespace
> 6. All namespace's tables create
> 7. All namespace's tables write
> 8. All namespace's tables execute
> 9. All namespace's tables delete
> 10. All namespace's tables admin
> 1-3, is currently set to global admin only. Which seems acceptable to me.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
