[
https://issues.apache.org/jira/browse/HBASE-18659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16138121#comment-16138121
]
Duo Zhang commented on HBASE-18659:
-----------------------------------
{quote}
So whenever there is change for R permission on NS/Table/CF (Add or Remove)
have to do the same on all applicable HFiles
{quote}
I'm not fully understand how the 'default ACL' works in HDFS. The semantic of
'default ACL' is that it will be applied to all the children of a directory,
but I do not know whether it will effect the already existing children, or only
newly created children.
> Use HDFS ACL to give user the ability to read snapshot directly on HDFS
> -----------------------------------------------------------------------
>
> Key: HBASE-18659
> URL: https://issues.apache.org/jira/browse/HBASE-18659
> Project: HBase
> Issue Type: New Feature
> Reporter: Duo Zhang
>
> On the dev meetup notes in Shenzhen after HBaseCon Asia, there is a topic
> about the permission to read hfiles on HDFS directly.
> {quote}
> For client-side scanner going against hfiles directly; is there a means of
> being able to pass the permissions from hbase to hdfs?
> {quote}
> And at Xiaomi we also face the same problem. {{SnapshotScanner}} is much
> faster and consumes less resources, but only super use has the ability to
> read hfile directly on HDFS.
> So here we want to use HDFS ACL to address this problem.
> https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#ACLs_File_System_API
> The basic idea is to set acl and default on the table directory on HDFS for
> the users who have the permission to read the table on HBase.
> Suggestions are welcomed.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
