[
https://issues.apache.org/jira/browse/HBASE-12421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14196738#comment-14196738
]
Andrew Purtell commented on HBASE-12421:
----------------------------------------
{code}
<listitem>
<para><command>Cell</command> - permissions granted at
<filename>cell</filename> scope
apply to all versions of that cell's contents.</para>
</listitem>
{code}
No, permissions granted on a cell apply only to that exact cell coordinate.
This allows for policy evolution along with data.
To change an ACL on a specific cell, write an updated cell with new ACL to the
precise coordinates of the original.
If you have a multiversioned schema and want to update ACLs on all visible
versions, you'll need to write new cells for all visible versions. The
application has complete control over policy evolution.
The exception to the above rule is append and increment processing. Appends and
increments can carry an ACL on the operation. If one is included in the
operation, then it will be applied to the result of the append or increment.
Otherwise, we carry forward the ACL of the existing cell we are appending to or
incrementing. Otherwise the semantics would be really surprising.
> Clarify ACL concepts and best practices
> ---------------------------------------
>
> Key: HBASE-12421
> URL: https://issues.apache.org/jira/browse/HBASE-12421
> Project: HBase
> Issue Type: Bug
> Components: documentation, security
> Reporter: Misty Stanley-Jones
> Assignee: Misty Stanley-Jones
> Attachments: HBASE-12421.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
