[
https://issues.apache.org/jira/browse/HBASE-20357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16527239#comment-16527239
]
Hadoop QA commented on HBASE-20357:
-----------------------------------
| (/) *{color:green}+1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m
16s{color} | {color:blue} Docker mode activated. {color} |
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 4m
56s{color} | {color:green} master passed {color} |
| {color:blue}0{color} | {color:blue} refguide {color} | {color:blue} 5m
13s{color} | {color:blue} branch has no errors when building the reference
guide. See footer for rendered docs, which you should manually inspect. {color}
|
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m
0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:blue}0{color} | {color:blue} refguide {color} | {color:blue} 5m
2s{color} | {color:blue} patch has no errors when building the reference guide.
See footer for rendered docs, which you should manually inspect. {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m
10s{color} | {color:green} The patch does not generate ASF License warnings.
{color} |
| {color:black}{color} | {color:black} {color} | {color:black} 15m 52s{color} |
{color:black} {color} |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hbase:b002b0b |
| JIRA Issue | HBASE-20357 |
| JIRA Patch URL |
https://issues.apache.org/jira/secure/attachment/12929687/HBASE-20357.master.addendum.0.patch
|
| Optional Tests | asflicense refguide |
| uname | Linux 9949661b231c 3.13.0-139-generic #188-Ubuntu SMP Tue Jan 9
14:43:09 UTC 2018 x86_64 GNU/Linux |
| Build tool | maven |
| Personality |
/home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/component/dev-support/hbase-personality.sh
|
| git revision | master / bb8826ca5f |
| maven | version: Apache Maven 3.5.4
(1edded0938998edf8bf061f1ceb3cfdeccf443fe; 2018-06-17T18:33:14Z) |
| refguide |
https://builds.apache.org/job/PreCommit-HBASE-Build/13451/artifact/patchprocess/branch-site/book.html
|
| refguide |
https://builds.apache.org/job/PreCommit-HBASE-Build/13451/artifact/patchprocess/patch-site/book.html
|
| Max. process+thread count | 83 (vs. ulimit of 10000) |
| modules | C: . U: . |
| Console output |
https://builds.apache.org/job/PreCommit-HBASE-Build/13451/console |
| Powered by | Apache Yetus 0.7.0 http://yetus.apache.org |
This message was automatically generated.
> AccessControlClient API Enhancement
> -----------------------------------
>
> Key: HBASE-20357
> URL: https://issues.apache.org/jira/browse/HBASE-20357
> Project: HBase
> Issue Type: Improvement
> Components: security
> Reporter: Pankaj Kumar
> Assignee: Pankaj Kumar
> Priority: Major
> Fix For: 3.0.0
>
> Attachments: HBASE-20357.master.001.patch,
> HBASE-20357.master.002.patch, HBASE-20357.master.003.patch,
> HBASE-20357.master.addendum.0.patch
>
>
> *Background:*
> Currently HBase ACLs can be retrieved based on the namespace or table name
> only. There is no direct API available to retrieve the permissions based on
> the namespace, table name, column family and column qualifier for specific
> user.
> Client has to write application logic in multiple steps to retrieve ACLs
> based on table name, column name and column qualifier for specific user.
> HBase should enhance AccessControlClient APIs to simplyfy this.
> *AccessControlClient API should be extended with following APIs,*
> # To retrieve permissions based on the namespace, table name, column family
> and column qualifier for specific user.
> Permissions can be retrieved based on the following inputs,
> - Namespace/Table (already available)
> - Namespace/Table + UserName
> - Table + CF
> - Table + CF + UserName
> - Table + CF + CQ
> - Table + CF + CQ + UserName
> Scope of retrieving permission will be as follows,
> - Same as existing
> 2. To validate whether a user is allowed to perform specified
> operations on a particular table, will be useful to check user privilege
> instead of getting ACD during client
> operation.
> User validation can be performed based on following inputs,
> - Table + CF + CQ + UserName + Actions
> Scope of validating user privilege,
> User can perform self check without any special privilege
> but ADMIN privilege will be required to perform check for other users.
> For example, suppose there are two users "userA" &
> "userB" then there can be below scenarios,
> - when userA want to check whether userA have
> privilege to perform mentioned actions
> > userA don't need ADMIN privilege, as it's a
> self query.
> - when userA want to check whether userB have
> privilege to perform mentioned actions,
> > userA must have ADMIN or superuser
> privilege, as it's trying to query for other user.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
