[jira] [Commented] (HBASE-11791) Update docs on visibility tags and ACLs, transparent encryption, secure bulk upload

Fri, 05 Sep 2014 13:58:09 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-11791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14123560#comment-14123560
 ] 

Matteo Bertozzi commented on HBASE-11791:
-----------------------------------------

{quote}
Admin is a superset of Create, so a user with Admin permissions does not also 
need
Create permissions to perform an action such as creating a table
{quote}
Not sure if this is right... at the moment the two may overlap but ADMIN and 
CREATE have separate lifes as far as I know. 

{quote}
Users with Create or Admin permissions are granted Write permission on meta 
regions, so the table operations they are allowed to perform can complete, even 
if technically the bits can be granted separately in any possible combination.
{quote}
if this is true, seems a bug/missing check. Only "hbase" should be able to 
write to META. Allowing other user to edit META seems a bad thing, even when 
you are using hbck you must run as hbase.

{quote}Enable HFile v3, by setting <option>hfile.format.version </option>to 3 in
 <filename>hbase-site.xml</filename>. This is the default for HBase 0.98 and 
newer.{quote}
0.98 has v2 has default

{quote}
With Secure RPC and Access Control enabled, client access to HBase is 
authenticated
and user data is private unless access has been explicitly granted.{quote}
What does "Secure RPC" means? security=kerberos? The secure rpc engine that 
were present in 94 is gone in 96, so I guess you are talking about kerberos 
there.

can you post on review board? the patch is too long and it will get confusing 
with the discussion in the jira

> Update docs on visibility tags and ACLs, transparent encryption, secure bulk 
> upload
> -----------------------------------------------------------------------------------
>
>                 Key: HBASE-11791
>                 URL: https://issues.apache.org/jira/browse/HBASE-11791
>             Project: HBase
>          Issue Type: Task
>          Components: documentation
>            Reporter: Misty Stanley-Jones
>            Assignee: Misty Stanley-Jones
>         Attachments: HBASE-11791-v1.patch, HBASE-11791-v2.patch, HBase 
> Security Features Operators Guide - HBaseCon 2014 - v5.pptx
>
>
> Do a pass on the ACL and tag docs and make sure they are up to date and 
> accurate, expand to cover HBASE-10885, HBASE-11001, HBASE-11002, HBASE-11434



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to