[jira] [Commented] (HBASE-5343) Access control API in HBaseAdmin.java

Tue, 07 Feb 2012 14:55:29 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-5343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13202903#comment-13202903
 ] 

Enis Soztutar commented on HBASE-5343:
--------------------------------------

bq. Adding coprocessor specific methods to HBaseAdmin completely undermines the 
purpose of coprocessors as optionally enabled extensions, and fails to scale as 
features are added. Having HBaseAdmin be a jumble of methods related to 
specific coprocessors is not very user friendly either.
I agree that we cannot throw every interface to HBaseAdmin that is implemented 
as coprocessors. However, my thinking is that from the perspective of the end 
user, co-processors are very-advanced API, and the client should be abstracted 
away from the fact that authorization features are implemented as 
co-processors. The initial reasoning behind this issue also includes the fact 
that, authorization and authentication are "core" features for a database. 

What about introducing HBaseSecurityAdmin under ./security, which extends 
HBaseAdmin. We can also mark this interface as the stable public interface for 
security related APIs. 
                
> Access control API in HBaseAdmin.java  
> ---------------------------------------
>
>                 Key: HBASE-5343
>                 URL: https://issues.apache.org/jira/browse/HBASE-5343
>             Project: HBase
>          Issue Type: Improvement
>          Components: client, coprocessors, security
>    Affects Versions: 0.94.0, 0.92.1
>            Reporter: Enis Soztutar
>            Assignee: Enis Soztutar
>
> To use the access control mechanism added in HBASE-3025, users should either 
> use the shell interface, or use the coprocessor API directly, which is not 
> very user friendly. We can add grant/revoke/user_permission commands similar 
> to the shell interface to HBaseAdmin assuming HBASE-5341 is in. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to