[
https://issues.apache.org/jira/browse/HBASE-6188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294514#comment-13294514
]
Laxman commented on HBASE-6188:
-------------------------------
bq. 1) In PostCreate - We can grant CRWA permissions to the current user(i.e.
owner).
I was thinking to ignoring the owner and PostCreate will make use of
getActiveUser() to get the requested user. But, as per your comments, i
understand that, we still need to consider owner to make it backward
compatible.
bq. Forgot to mention that also this needs to happen if the table owner is
changed via setOwner().
I think this needs to be handled in postModifyTable. But I can see that raises
some more questions.
* Should we revoke permissions for old owner? If yes, how do we track old owner
in postModify?
Please correct me if my understanding is incorrect.
> Remove the concept of table owner
> ---------------------------------
>
> Key: HBASE-6188
> URL: https://issues.apache.org/jira/browse/HBASE-6188
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Andrew Purtell
> Assignee: Laxman
> Labels: security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6188.1.patch, HBASE-6188.patch
>
>
> The table owner concept was a design simplification in the initial drop.
> First, the design changes under review means only a user with GLOBAL CREATE
> permission can create a table, which will probably be an administrator.
> Then, granting implicit permissions may lead to oversights and it adds
> unnecessary conditionals to our code. So instead the administrator with
> GLOBAL CREATE permission should make the appropriate grants at table create
> time.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
