[
https://issues.apache.org/jira/browse/HBASE-7367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13534443#comment-13534443
]
Matteo Bertozzi commented on HBASE-7367:
----------------------------------------
[[email protected]] one question, without thinking at the snapshot for
one moment.
I'm a GLOBAL ADMIN, I create a table.
The table is enabled by default (every one can now write on it)
meanwhile I set the permission... (too late someone has already polluted the
table)
is that a problem? how do you solve that?
This is my main concern with the "clone from snapshot". Since I create a new
table with the snapshot data and no acl, meanwhile I set the permission someone
can read my data that should be protected.
if you have a workaround or by your experience you think that this is not a
real problem, I'm +1 for the global admin check instead of disabling the
feature if the ACL coprocessor is enabled.
> Snapshot coprocessor and ACL security
> -------------------------------------
>
> Key: HBASE-7367
> URL: https://issues.apache.org/jira/browse/HBASE-7367
> Project: HBase
> Issue Type: Sub-task
> Components: Client, master, regionserver, snapshots, Zookeeper
> Reporter: Matteo Bertozzi
> Assignee: Matteo Bertozzi
> Priority: Minor
> Fix For: hbase-6055, 0.96.0
>
> Attachments: HBASE-7367-v0.patch
>
>
> Currently snapshot don't care about ACL...
> and in the first draft snapshots should be disabled if the ACL coprocessor is
> enabled.
> After the first step, we can discuss how to handle the snapshot/restore/clone.
> Is saving and restoring the _acl_ related rights, the right way? maybe after
> 3 months we don't want to give the access the guys listed in the old _acl_...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
