[
https://issues.apache.org/jira/browse/HBASE-5371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13207104#comment-13207104
]
[email protected] commented on HBASE-5371:
------------------------------------------------------
bq. On 2012-02-11 19:48:26, Ted Yu wrote:
bq. >
security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java,
line 80
bq. > <https://reviews.apache.org/r/3829/diff/2/?file=74389#file74389line80>
bq. >
bq. > This doesn't seem to match the method signature.
AccessdeniedException is an IOException.
bq. On 2012-02-11 19:48:26, Ted Yu wrote:
bq. >
security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java,
line 78
bq. > <https://reviews.apache.org/r/3829/diff/2/?file=74389#file74389line78>
bq. >
bq. > I think 'one of' is not needed here because every region would incur
permission check.
"however TablePermissions can only be checked by one of the table's regions",
means you can check permissions from any one of the table's regions, which is
essentially the same thing if you remove "one of". I removed that just in case.
- enis
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/3829/#review5026
-----------------------------------------------------------
On 2012-02-11 02:58:35, enis wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/3829/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2012-02-11 02:58:35)
bq.
bq.
bq. Review request for hbase.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. We need to introduce something like
AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so
that clients can check access rights before carrying out the operations. We
need this kind of operation for HCATALOG-245, which introduces authorization
providers for hbase over hcat. We cannot use getUserPermissions() since it
requires ADMIN permissions on the global/table level.
bq.
bq.
bq. This addresses bug HBASE-5371.
bq. https://issues.apache.org/jira/browse/HBASE-5371
bq.
bq.
bq. Diffs
bq. -----
bq.
bq.
security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
5091b7d
bq.
security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
5fa2edb
bq.
security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
f864373
bq.
bq. Diff: https://reviews.apache.org/r/3829/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq.
bq. Thanks,
bq.
bq. enis
bq.
bq.
> Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons)
> API
> --------------------------------------------------------------------------------
>
> Key: HBASE-5371
> URL: https://issues.apache.org/jira/browse/HBASE-5371
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.92.1
> Reporter: Enis Soztutar
> Assignee: Enis Soztutar
> Attachments: HBASE-5371_v2.patch
>
>
> We need to introduce something like
> AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so
> that clients can check access rights before carrying out the operations. We
> need this kind of operation for HCATALOG-245, which introduces authorization
> providers for hbase over hcat. We cannot use getUserPermissions() since it
> requires ADMIN permissions on the global/table level.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
