[jira] [Commented] (HBASE-21995) Add a coprocessor to set HDFS ACL for hbase granted user

[Hudson (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HBASE-21995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16871094#comment-16871094
 ] 

Hudson commented on HBASE-21995:
--------------------------------

Results for branch master
        [build #1169 on 
builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/master/1169/]: (x) 
*{color:red}-1 overall{color}*
----
details (if available):

(x) {color:red}-1 general checks{color}
-- For more information [see general 
report|https://builds.apache.org/job/HBase%20Nightly/job/master/1169//General_Nightly_Build_Report/]




(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2) 
report|https://builds.apache.org/job/HBase%20Nightly/job/master/1169//JDK8_Nightly_Build_Report_(Hadoop2)/]


(x) {color:red}-1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3) 
report|https://builds.apache.org/job/HBase%20Nightly/job/master/1169//JDK8_Nightly_Build_Report_(Hadoop3)/]


(/) {color:green}+1 source release artifact{color}
-- See build output for details.


(x) {color:red}-1 client integration test{color}
--Failed when running client tests on top of Hadoop 2. [see log for 
details|https://builds.apache.org/job/HBase%20Nightly/job/master/1169//artifact/output-integration/hadoop-2.log].
 (note that this means we didn't run on Hadoop 3)


> Add a coprocessor to set HDFS ACL for hbase granted user
> --------------------------------------------------------
>
>                 Key: HBASE-21995
>                 URL: https://issues.apache.org/jira/browse/HBASE-21995
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Yi Mei
>            Assignee: Yi Mei
>            Priority: Major
>             Fix For: 3.0.0, 2.3.0
>
>
> To make hbase granted user have the access to scan table snapshots, use HDFS 
> ACLs to set user read permission over hfiles.
> The basic implementation is:
> 1. For public directories such as 'data' and 'archive', set other users' 
> permission to '--x' to make everyone have the permission to access the 
> directory.
> 2. For namespace or table directories such as 'data/ns/table', 
> 'archive/ns/table' and '.hbase-snapshot/snapshotName', set user 'r-x' acl and 
> default 'r-x' acl when following operations happen:
> grant to namespace or table / revoke from namespace or table / snapshot table
>  
> For more details, please reference the design doc: 
> https://docs.google.com/document/d/1D2iAdbrW5CcKc2SthJBXA1n2tTMTftuVaFtxbOWFuqM/edit#heading=h.uwo33s7kz427



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)