mymeiyi commented on a change in pull request #163: HBASE-21995 Add a
coprocessor to set HDFS ACL for hbase granted user
URL: https://github.com/apache/hbase/pull/163#discussion_r292795865
##########
File path:
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/PermissionStorage.java
##########
@@ -263,6 +263,7 @@ private static void removePermissionRecord(Configuration
conf, UserPermission us
static void removeTablePermissions(Configuration conf, TableName tableName,
Table t)
throws IOException{
Delete d = new Delete(tableName.getName());
+ d.addFamily(ACL_LIST_FAMILY);
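Review bot: At `d.addFamily(ACL_LIST_FAMILY)`, the `Delete` built from `tableName.getName()` stops being a whole-row delete and covers only that one family, unless further families are added later in the method, so cells in any other family of the same row survive `removeTablePermissions`. If that is the intent, state it in a code comment on this line and name the code path responsible for removing the remaining families' cells when the table's permissions are dropped; otherwise stale entries for a removed table stay in that row.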
Review comment:
Add a new CF in the hbase acl table to record if the hbase read permission is
synchronized to the related hfile.
The value has two usages:
1. Check if we need to remove hdfs acls for a grant without READ permission
(e.g. grant user table read permission and then grant user table write
permission without merging the existing permissions; in this case, we need to
remove hdfs acls).
2. Skip some hdfs acl sync because it may be already added
(e.g. grant user table read permission and then grant user ns read
permission;
grant user table read permission and then grant user table write permission
with merging the existing permissions).
The values of the original CF are modified in AccessController; the values of
the new CF are modified in this SnapshotScannerHDFSAclController.