[
https://issues.apache.org/jira/browse/HBASE-6096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13285766#comment-13285766
]
Andrew Purtell commented on HBASE-6096:
---------------------------------------
bq. hbase.superuser is read at startup TableAuthManager.initGlobal() and fills
the USER_CACHE with specified users with RWCA rights (so is not just ADMIN is
RWCA)

The "superuser" concept is a legacy from the initial implementation. Instead of
having ADMIN rights mean something per user, there was/is an implicit grant of
ADMIN rights to the superuser and that is it, for simplicity. So in our
production the "hbase" user is used to manage the cluster by ops, and users
have grants of only READ or WRITE as appropriate.

bq. GLOBAL ADMIN (for all tables) semantics should be inline with TABLE ADMIN
(for one table).

+1

The "superuser" shortcut should be removed. Instead the AccessController could
add a GLOBAL ADMIN grant on demand for the service principal of the master and
regionservers when creating the ACL table. I don't think anyone is setting the
"superuser" to anything other than the service principal.

Also we could drop the "owner" concept (and table attribute) and instead have
the AccessController add a TABLE ADMIN grant at table creation time, as
discussed in HBASE-5372.

> AccessController v2
> -------------------
>
> Key: HBASE-6096
> URL: https://issues.apache.org/jira/browse/HBASE-6096
> Project: HBase
> Issue Type: Umbrella
> Components: security
> Affects Versions: 0.96.0, 0.94.1
> Reporter: Andrew Purtell
>
> Umbrella issue for iteration on the initial AccessController drop.