[ https://issues.apache.org/jira/browse/HBASE-6188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13292939#comment-13292939 ]
Laxman commented on HBASE-6188: ------------------------------- Thanks Ram for pitching in. Andy, we definitely agree to your point. Just reiterating my previous comments. {quote} I agree with you Andy. But if we keep DisableTable/EnableTable permission with ADMIN alone, to delete/modify a table a user should have both ADMIN and CREATE permissions. ADMIN access to disable a table and CREATE access to delete/modify the table. Or user with CREATE only access has to request the ADMIN user to disable/enable the table before/after DDL. {quote} So, to delete a table requires two different users or one user with both permissions. This is my only concern. Thanks for clarification. Please provide your opinion of this. CREATE -(DDL) CreateTable, AddColumn, DeleteColumn, DeleteTable, ModifyColumn, ModifyTable ADMIN - DisableTable, EnableTable bq. it is a large subset of ADMIN permission. Please note that above are two disjoint sets. That means, DDL operations can't be done by ADMIN. Hope that should make them clean. > Remove the concept of table owner > --------------------------------- > > Key: HBASE-6188 > URL: https://issues.apache.org/jira/browse/HBASE-6188 > Project: HBase > Issue Type: Sub-task > Components: security > Reporter: Andrew Purtell > Assignee: Laxman > Labels: security > > The table owner concept was a design simplification in the initial drop. > First, the design changes under review means only a user with GLOBAL CREATE > permission can create a table, which will probably be an administrator. > Then, granting implicit permissions may lead to oversights and it adds > unnecessary conditionals to our code. So instead the administrator with > GLOBAL CREATE permission should make the appropriate grants at table create > time. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira