[
https://issues.apache.org/jira/browse/HBASE-7333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Purtell updated HBASE-7333:
----------------------------------
Description:
The shell commands for security are rudimentary and should be improved. The
commands we have need to be updated for the "AccessController v2" changes. The
distinction between the shell and the Java (admin) API is blurry because our
shell is JRuby but it makes sense to provide some convenient shortcuts for
common actions.
At a minimum the current set of commands should validate their arguments.
'revoke' should be improved so all access for a given user can be conveniently
revoked with one command, as opposed to requiring a specific revoke for every
previous grant. This may involve interaction with a master mediated transaction
or barrier framework.
Once HBASE-6222 is in, it should be possible to conveniently construct ACLs and
add them to DML ops like put and delete; and there should be support for
dumping ACLs at the cell level too.
Also, I observed 'user_permission' fail with NPEs on a colleague's workstation
recently. It could have been the local environment, but I suspect there may be
some rot here.
was:
The shell commands for security are rudimentary and should be improved. The
commands we have need to be updated for the "AccessController v2" changes. The
distinction between the shell and the Java (admin) API is blurry because our
shell is JRuby but it makes sense to provide some convenient shortcuts for
common actions.
Also, I observed 'user_permission' fail with NPEs on a colleague's workstation
recently. It could have been the local environment, but I suspect there may be
some rot here.
> Improve the security shell commands
> -----------------------------------
>
> Key: HBASE-7333
> URL: https://issues.apache.org/jira/browse/HBASE-7333
> Project: HBase
> Issue Type: Sub-task
> Components: Coprocessors, security, shell
> Affects Versions: 0.96.0, 0.94.4
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
>
> The shell commands for security are rudimentary and should be improved. The
> commands we have need to be updated for the "AccessController v2" changes.
> The distinction between the shell and the Java (admin) API is blurry because
> our shell is JRuby but it makes sense to provide some convenient shortcuts
> for common actions.
> At a minimum the current set of commands should validate their arguments.
> 'revoke' should be improved so all access for a given user can be
> conveniently revoked with one command, as opposed to requiring a specific
> revoke for every previous grant. This may involve interaction with a master
> mediated transaction or barrier framework.
> Once HBASE-6222 is in, it should be possible to conveniently construct ACLs
> and add them to DML ops like put and delete; and there should be support for
> dumping ACLs at the cell level too.
> Also, I observed 'user_permission' fail with NPEs on a colleague's
> workstation recently. It could have been the local environment, but I suspect
> there may be some rot here.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
