[
https://issues.apache.org/jira/browse/HBASE-6192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14032104#comment-14032104
]
Misty Stanley-Jones commented on HBASE-6192:
--------------------------------------------
I'm going to re-check everything using this approach. Let me know if this
doesn't work.
$ less
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java|grep
'requirePermission('
private void requirePermission(String request, TableName tableName, byte[]
family, byte[] qualifier,
private void requirePermission(String request, Action perm) throws
IOException {
private void requirePermission(String request, Action perm,
requirePermission("deleteTable", tableName, null, null, Action.ADMIN,
Action.CREATE);
requirePermission("truncateTable", tableName, null, null, Action.ADMIN,
Action.CREATE);
requirePermission("modifyTable", tableName, null, null, Action.ADMIN,
Action.CREATE);
requirePermission("addColumn", tableName, null, null, Action.ADMIN,
Action.CREATE);
requirePermission("modifyColumn", tableName, null, null, Action.ADMIN,
Action.CREATE);
requirePermission("deleteColumn", tableName, null, null, Action.ADMIN,
Action.CREATE);
requirePermission("enableTable", tableName, null, null, Action.ADMIN,
Action.CREATE);
requirePermission("disableTable", tableName, null, null, Action.ADMIN,
Action.CREATE);
requirePermission("move", region.getTable(), null, null, Action.ADMIN);
requirePermission("assign", regionInfo.getTable(), null, null,
Action.ADMIN);
requirePermission("unassign", regionInfo.getTable(), null, null,
Action.ADMIN);
requirePermission("regionOffline", regionInfo.getTable(), null, null,
Action.ADMIN);
requirePermission("balance", Action.ADMIN);
requirePermission("balanceSwitch", Action.ADMIN);
requirePermission("shutdown", Action.ADMIN);
requirePermission("stopMaster", Action.ADMIN);
requirePermission("snapshot", Action.ADMIN);
requirePermission("clone", Action.ADMIN);
requirePermission("restore", Action.ADMIN);
requirePermission("deleteSnapshot", Action.ADMIN);
requirePermission("flushTable", tableName, null, null, Action.ADMIN,
Action.CREATE);
requirePermission("preOpen", Action.ADMIN);
requirePermission("flush", getTableName(e.getEnvironment()), null, null,
Action.ADMIN,
requirePermission("split", getTableName(e.getEnvironment()), null, null,
Action.ADMIN);
requirePermission("split", getTableName(e.getEnvironment()), null, null,
Action.ADMIN);
requirePermission("compact", getTableName(e.getEnvironment()), null, null,
Action.ADMIN,
requirePermission("compact", getTableName(e.getEnvironment()), null, null,
Action.ADMIN);
requirePermission("preBulkLoadHFile",
requirePermission("invoke(" + service.getDescriptorForType().getName() +
"." +
requirePermission("grant", perm.getTableName(), perm.getFamily(),
requirePermission("revoke", perm.getTableName(), perm.getFamily(),
requirePermission("userPermissions", table, null, null, Action.ADMIN);
requirePermission("checkPermissions", action, regionEnv, familyMap);
requirePermission("checkPermissions", action);
requirePermission("preClose", Action.ADMIN);
requirePermission("preStopRegionServer", Action.ADMIN);
requirePermission("getTableDescriptors", tableName, null, null,
requirePermission("mergeRegions", regionA.getTableDesc().getTableName(),
null, null,
> Document ACL matrix in the book
> -------------------------------
>
> Key: HBASE-6192
> URL: https://issues.apache.org/jira/browse/HBASE-6192
> Project: HBase
> Issue Type: Task
> Components: documentation, security
> Affects Versions: 0.94.1, 0.95.2
> Reporter: Enis Soztutar
> Assignee: Misty Stanley-Jones
> Labels: documentaion, security
> Fix For: 0.99.0
>
> Attachments: HBASE-6192-rebased.patch, HBASE-6192.patch, HBase
> Security-ACL Matrix.pdf, HBase Security-ACL Matrix.pdf, HBase Security-ACL
> Matrix.pdf, HBase Security-ACL Matrix.xls, HBase Security-ACL Matrix.xls,
> HBase Security-ACL Matrix.xls
>
>
> We have an excellent matrix at
> https://issues.apache.org/jira/secure/attachment/12531252/Security-ACL%20Matrix.pdf
> for ACL. Once the changes are done, we can adapt that and put it in the
> book, also add some more documentation about the new authorization features.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
