[ https://issues.apache.org/jira/browse/HBASE-6192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14038044#comment-14038044 ]
Andrew Purtell commented on HBASE-6192:
---------------------------------------

WRITE doesn't imply READ as a rule. There are some implied permissions involving meta regions though. Every client must have READ access to the META table, or clients can't work. So this is a special case. We always allow reads on meta regions. In the same way, CREATE and ADMIN are granted WRITE permission on meta regions, so the table operations they are allowed to perform can complete, even if technically the bits can be granted separately in any possible combination.

Also of interest, checkAndX operations won't be useful (will fail) if the user doesn't have READ+WRITE permissions. One area that is a little weird is you can increment or append without having READ permission.

> Document ACL matrix in the book
> -------------------------------
>
>                 Key: HBASE-6192
>                 URL: https://issues.apache.org/jira/browse/HBASE-6192
>             Project: HBase
>          Issue Type: Task
>          Components: documentation, security
>    Affects Versions: 0.94.1, 0.95.2
>            Reporter: Enis Soztutar
>            Assignee: Misty Stanley-Jones
>              Labels: documentaion, security
>             Fix For: 0.99.0
>
>         Attachments: HBASE-6192-2.patch, HBASE-6192-rebased.patch,
> HBASE-6192.patch, HBase Security-ACL Matrix.pdf, HBase Security-ACL
> Matrix.pdf, HBase Security-ACL Matrix.pdf, HBase Security-ACL Matrix.xls,
> HBase Security-ACL Matrix.xls, HBase Security-ACL Matrix.xls
>
>
> We have an excellent matrix at
> https://issues.apache.org/jira/secure/attachment/12531252/Security-ACL%20Matrix.pdf
> for ACL. Once the changes are done, we can adapt that and put it in the
> book, also add some more documentation about the new authorization features.

--
This message was sent by Atlassian JIRA
(v6.2#6252)
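
A small model of the rules described in the comment above, added here as an illustration; it is not HBase code and not part of the original message. The operation names, the base requirements for get/scan/put/delete, and WRITE as the bit needed for increment/append are assumptions; `write_without_read` is a hypothetical review helper.

```python
# Added model of the ACL rules stated in the comment; not HBase's implementation.
READ, WRITE, CREATE, ADMIN = "READ", "WRITE", "CREATE", "ADMIN"

# Assumed permission bits each operation needs (operation names are illustrative).
REQUIRED = {
    "get": {READ},
    "scan": {READ},
    "put": {WRITE},
    "delete": {WRITE},
    "checkAndPut": {READ, WRITE},     # checkAndX fails without both bits
    "checkAndDelete": {READ, WRITE},
    "increment": {WRITE},             # returns a value, yet READ is not required
    "append": {WRITE},
}

def effective(granted, on_meta=False):
    """Expand explicitly granted bits with the ones implied on meta regions."""
    bits = set(granted)
    if on_meta:
        bits.add(READ)                # reads on meta regions are always allowed
        if bits & {CREATE, ADMIN}:
            bits.add(WRITE)           # CREATE/ADMIN are granted WRITE on meta
    return bits

def allowed(op, granted, on_meta=False):
    """True if every bit the operation needs is in the effective set."""
    return REQUIRED[op] <= effective(granted, on_meta)

def write_without_read(grants):
    """Principals that can increment/append but cannot get/scan (user table)."""
    return sorted(
        who for who, bits in grants.items()
        if allowed("increment", bits) and not allowed("get", bits)
    )

if __name__ == "__main__":
    # Constructed sample grants for illustration.
    grants = {
        "ingest": {WRITE},
        "analyst": {READ},
        "app": {READ, WRITE},
        "ddl": {CREATE},
    }
    for who, bits in grants.items():
        row = {op: allowed(op, bits) for op in REQUIRED}
        meta_put = allowed("put", bits, on_meta=True)
        print(who, sorted(bits), row, "meta put:", meta_put)
    print("WRITE without READ:", write_without_read(grants))
```
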