[
https://issues.apache.org/jira/browse/HBASE-8358?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13634186#comment-13634186
]
Jeff Kolesky commented on HBASE-8358:
-------------------------------------
While deletes and puts are just writes, semantically they are distinct, and
they show up as distinct key value types. I do not want to protect a put
overwriting another put. My use case is this:
I want to give `hbase shell` access to individuals to allow them to debug
issues. I want them to have read-only access in our production tier. Existing
security handles that case just fine. We also have a testing tier where it is
often useful for these individuals to write data into tables to construct
scenarios for testing. Given how destructive a delete in Hbase can be, and how
it is not recoverable by just writing the cell back in, I want to be sure that
no data can be accidentally deleted. Given our schema design, a malformed
delete could remove all of the data in one of our thick rows.
I'm not as familiar with the security code in HBase yet. Will you point me to
the code where the additional loop iteration would need to be added so I can
understand your performance concerns?
> Add delete permission separate from full write permissions
> ----------------------------------------------------------
>
> Key: HBASE-8358
> URL: https://issues.apache.org/jira/browse/HBASE-8358
> Project: HBase
> Issue Type: New Feature
> Reporter: Jeff Kolesky
>
> Currently there are five permissions checked by HBase: read, write, exec,
> create, and admin. An RDBMS allows for more fine-grained control over the
> operations, and it would be helpful to have such controls in HBase.
> Specifically, a distinction between "put" and "delete" would be most useful.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
