[ https://issues.apache.org/jira/browse/HBASE-20357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16527239#comment-16527239 ]
Hadoop QA commented on HBASE-20357: ----------------------------------- | (/) *{color:green}+1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 16s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | || || || || {color:brown} master Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 4m 56s{color} | {color:green} master passed {color} | | {color:blue}0{color} | {color:blue} refguide {color} | {color:blue} 5m 13s{color} | {color:blue} branch has no errors when building the reference guide. See footer for rendered docs, which you should manually inspect. {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:blue}0{color} | {color:blue} refguide {color} | {color:blue} 5m 2s{color} | {color:blue} patch has no errors when building the reference guide. See footer for rendered docs, which you should manually inspect. {color} | || || || || {color:brown} Other Tests {color} || | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 10s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 15m 52s{color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hbase:b002b0b | | JIRA Issue | HBASE-20357 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12929687/HBASE-20357.master.addendum.0.patch | | Optional Tests | asflicense refguide | | uname | Linux 9949661b231c 3.13.0-139-generic #188-Ubuntu SMP Tue Jan 9 14:43:09 UTC 2018 x86_64 GNU/Linux | | Build tool | maven | | Personality | /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/component/dev-support/hbase-personality.sh | | git revision | master / bb8826ca5f | | maven | version: Apache Maven 3.5.4 (1edded0938998edf8bf061f1ceb3cfdeccf443fe; 2018-06-17T18:33:14Z) | | refguide | https://builds.apache.org/job/PreCommit-HBASE-Build/13451/artifact/patchprocess/branch-site/book.html | | refguide | https://builds.apache.org/job/PreCommit-HBASE-Build/13451/artifact/patchprocess/patch-site/book.html | | Max. process+thread count | 83 (vs. ulimit of 10000) | | modules | C: . U: . | | Console output | https://builds.apache.org/job/PreCommit-HBASE-Build/13451/console | | Powered by | Apache Yetus 0.7.0 http://yetus.apache.org | This message was automatically generated. > AccessControlClient API Enhancement > ----------------------------------- > > Key: HBASE-20357 > URL: https://issues.apache.org/jira/browse/HBASE-20357 > Project: HBase > Issue Type: Improvement > Components: security > Reporter: Pankaj Kumar > Assignee: Pankaj Kumar > Priority: Major > Fix For: 3.0.0 > > Attachments: HBASE-20357.master.001.patch, > HBASE-20357.master.002.patch, HBASE-20357.master.003.patch, > HBASE-20357.master.addendum.0.patch > > > *Background:* > Currently HBase ACLs can be retrieved based on the namespace or table name > only. There is no direct API available to retrieve the permissions based on > the namespace, table name, column family and column qualifier for specific > user. > Client has to write application logic in multiple steps to retrieve ACLs > based on table name, column name and column qualifier for specific user. > HBase should enhance AccessControlClient APIs to simplyfy this. > *AccessControlClient API should be extended with following APIs,* > # To retrieve permissions based on the namespace, table name, column family > and column qualifier for specific user. > Permissions can be retrieved based on the following inputs, > - Namespace/Table (already available) > - Namespace/Table + UserName > - Table + CF > - Table + CF + UserName > - Table + CF + CQ > - Table + CF + CQ + UserName > Scope of retrieving permission will be as follows, > - Same as existing > 2. To validate whether a user is allowed to perform specified > operations on a particular table, will be useful to check user privilege > instead of getting ACD during client > operation. > User validation can be performed based on following inputs, > - Table + CF + CQ + UserName + Actions > Scope of validating user privilege, > User can perform self check without any special privilege > but ADMIN privilege will be required to perform check for other users. > For example, suppose there are two users "userA" & > "userB" then there can be below scenarios, > - when userA want to check whether userA have > privilege to perform mentioned actions > > userA don't need ADMIN privilege, as it's a > self query. > - when userA want to check whether userB have > privilege to perform mentioned actions, > > userA must have ADMIN or superuser > privilege, as it's trying to query for other user. -- This message was sent by Atlassian JIRA (v7.6.3#76005)