[ https://issues.apache.org/jira/browse/HBASE-6192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14038044#comment-14038044 ]

Andrew Purtell commented on HBASE-6192:
---------------------------------------

WRITE doesn't imply READ as a rule.

There are some implied permissions involving meta regions though. Every client 
must have READ access to the META table, or clients can't work. So this is a 
special case. We always allow reads on meta regions. In the same way, CREATE 
and ADMIN are granted WRITE permission on meta regions, so the table operations 
they are allowed to perform can complete, even if technically the bits can be 
granted separately in any possible combination.

Also of interest, checkAndX operations won't be useful (will fail) if the user 
doesn't have READ+WRITE permissions.

One area that is a little weird is you can increment or append without having 
READ permission. 

> Document ACL matrix in the book
> -------------------------------
>
>                 Key: HBASE-6192
>                 URL: https://issues.apache.org/jira/browse/HBASE-6192
>             Project: HBase
>          Issue Type: Task
>          Components: documentation, security
>    Affects Versions: 0.94.1, 0.95.2
>            Reporter: Enis Soztutar
>            Assignee: Misty Stanley-Jones
>              Labels: documentaion, security
>             Fix For: 0.99.0
>
>         Attachments: HBASE-6192-2.patch, HBASE-6192-rebased.patch, 
> HBASE-6192.patch, HBase Security-ACL Matrix.pdf, HBase Security-ACL 
> Matrix.pdf, HBase Security-ACL Matrix.pdf, HBase Security-ACL Matrix.xls, 
> HBase Security-ACL Matrix.xls, HBase Security-ACL Matrix.xls
>
>
> We have an excellent matrix at 
> https://issues.apache.org/jira/secure/attachment/12531252/Security-ACL%20Matrix.pdf
>  for ACL. Once the changes are done, we can adapt that and put it in the 
> book, also add some more documentation about the new authorization features. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)
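
The rules stated in the comment above, as an added example: a simplified model for auditing grants, not HBase's own access-control code and not part of the original message. The meta table name `hbase:meta`, the table `orders` and the principals are constructed, and requiring WRITE for increment and append is an assumption.

```python
# Added illustration: a simplified model of the rules in the comment above.
# This is not HBase's AccessController code.
META = "hbase:meta"  # assumed name of the META table

# Permissions each operation needs on an ordinary table. The checkAndPut row
# comes from the comment; requiring WRITE for increment/append is an assumption.
REQUIRED = {
    "get": {"READ"},
    "put": {"WRITE"},
    "checkAndPut": {"READ", "WRITE"},
    "increment": {"WRITE"},
    "append": {"WRITE"},
}


def effective(granted, table):
    """Return the permissions that apply on `table`, including implied ones."""
    perms = set(granted)
    if table == META:
        perms.add("READ")                 # reads on meta are always allowed
        if perms & {"CREATE", "ADMIN"}:
            perms.add("WRITE")            # lets table operations complete
    return perms


def allowed(op, granted, table):
    """True if `granted` (plus implied permissions) covers what `op` needs."""
    return REQUIRED[op] <= effective(granted, table)


def audit(grants, table):
    """Map each principal to the operations it can run on `table`, and list
    principals that can increment/append although they cannot read."""
    report, write_without_read = {}, []
    for user, granted in grants.items():
        ops = sorted(op for op in REQUIRED if allowed(op, granted, table))
        report[user] = ops
        if "increment" in ops and "get" not in ops:
            write_without_read.append(user)
    return report, sorted(write_without_read)


# Constructed sample grants (hypothetical principals).
SAMPLE = {"ingest": {"WRITE"}, "analyst": {"READ"},
          "app": {"READ", "WRITE"}, "ddl": {"CREATE"}}

if __name__ == "__main__":
    for tbl in ("orders", META):
        print(tbl, audit(SAMPLE, tbl))
```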
