[ https://issues.apache.org/jira/browse/HBASE-11013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16002551#comment-16002551 ]
Zheng Hu edited comment on HBASE-11013 at 5/9/17 11:57 AM:
-----------------------------------------------------------
[~tedyu], Sure. We can test it with the following shell commands (I did not
implement the ruby shell command in patch v1, and made up for it in patch v2):
{code}
hbase(main):034:0> grant 'user1', 'RW', 't1'
Took 0.0970 seconds
hbase(main):035:0> grant 'user2', 'R', 't1'
Took 0.0850 seconds
hbase(main):036:0> grant 'user3', 'RWXCA', 't1'
Took 0.0830 seconds
hbase(main):037:0> user_permission 't1'
User     Namespace,Table,Family,Qualifier:Permission
user1    default,t1,,: [Permission: actions=READ,WRITE]
user2    default,t1,,: [Permission: actions=READ]
user3    default,t1,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
3 row(s)
Took 0.0460 seconds
hbase(main):038:0> snapshot 't1', 'snapT1'
Took 0.3580 seconds
hbase(main):039:0> clone_snapshot 'snapT1', 'tableWithAcl', {RESTORE_ACL=>true}
Took 0.8660 seconds
hbase(main):040:0> user_permission 'tableWithAcl'
User     Namespace,Table,Family,Qualifier:Permission
user1    default,tableWithAcl,,: [Permission: actions=READ,WRITE]
user2    default,tableWithAcl,,: [Permission: actions=READ]
openinx  default,tableWithAcl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
user3    default,tableWithAcl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
4 row(s)
Took 0.0430 seconds
hbase(main):041:0> clone_snapshot 'snapT1', 'tableWithoutAcl'
Took 0.3620 seconds
hbase(main):042:0> user_permission 'tableWithoutAcl'
User     Namespace,Table,Family,Qualifier:Permission
openinx  default,tableWithoutAcl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
1 row(s)
{code}
PS: openinx is the user who executes the shell commands.
Thanks for your feedback.
> Clone Snapshots on Secure Cluster Should provide option to apply Retained
> User Permissions
> ------------------------------------------------------------------------------------------
>
> Key: HBASE-11013
> URL: https://issues.apache.org/jira/browse/HBASE-11013
> Project: HBase
> Issue Type: Improvement
> Components: snapshots
> Reporter: Ted Yu
> Assignee: Zheng Hu
> Attachments: HBASE-11013.v1.patch, HBASE-11013.v2.patch
>
>
> Currently,
> {code}
> sudo su - test_user
> create 't1', 'f1'
> sudo su - hbase
> snapshot 't1', 'snap_one'
> clone_snapshot 'snap_one', 't2'
> {code}
> In this scenario the user - test_user would not have permissions for the
> clone table t2.
> We need to add an improvement feature such that the permissions of the original
> table are recorded in snapshot metadata and an option is provided for
> applying them to the new table as part of the clone process.
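
A check built on the transcript in the comment, as an added example (not code from the HBASE-11013 patches): it parses `user_permission` output and reports the grants a clone lacks relative to its source table. The names `parse_user_permission` and `clone_acl_drift` are hypothetical, and the parser assumes the row layout shown in the transcript.

```ruby
require 'set'

# One grant row of `user_permission` output. \s+ and \s* also match a newline,
# so rows that were wrapped onto two lines in the mail still parse.
GRANT = /(\S+)\s+([^,\s]+),([^,\s]+),([^,\s]*),([^:\s]*):\s*\[Permission: actions=([A-Z,]+)\]/

# Returns { [user, family, qualifier] => Set of actions }. The table name is
# left out of the key so that a source table and its clone can be compared.
def parse_user_permission(text)
  text.scan(GRANT).each_with_object({}) do |(user, _ns, _table, fam, qual, actions), acl|
    acl[[user, fam, qual]] = actions.split(',').to_set
  end
end

# missing: source grants the clone lacks or holds with different actions.
# extra:   clone grants absent from the source. The user who ran
#          clone_snapshot (owner) gets full rights on the clone, as in the
#          transcript, so that row is not reported.
def clone_acl_drift(source, clone, owner:)
  missing = source.reject { |key, actions| clone[key] == actions }.keys
  extra   = clone.keys.reject { |key| source.key?(key) || key.first == owner }
  { missing: missing, extra: extra }
end

# Sample input: grant rows from the transcript, with user and grant split
# across lines in two different ways to exercise the parser.
T1 = <<~OUT
  User
  Namespace,Table,Family,Qualifier:Permission
  user1 default,t1,,:
  [Permission: actions=READ,WRITE]
  user2 default,t1,,:
  [Permission: actions=READ]
  user3 default,t1,,:
  [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
OUT
WITH_ACL = <<~OUT
  user1
  default,tableWithAcl,,: [Permission: actions=READ,WRITE]
  user2
  default,tableWithAcl,,: [Permission: actions=READ]
  openinx
  default,tableWithAcl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
  user3
  default,tableWithAcl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
OUT
WITHOUT_ACL = "openinx\ndefault,tableWithoutAcl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]\n"

p clone_acl_drift(parse_user_permission(T1), parse_user_permission(WITHOUT_ACL), owner: 'openinx')
```

An empty `missing` list means every grant on the source table is present on the clone with the same actions; a non-empty `extra` list means the clone carries grants the source never had.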
