[
https://issues.apache.org/jira/browse/HBASE-8409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13739125#comment-13739125
]
Hudson commented on HBASE-8409:
-------------------------------
FAILURE: Integrated in hbase-0.95 #442 (See
[https://builds.apache.org/job/hbase-0.95/442/])
HBASE-8409 Security support for namespaces (stack: rev 1513668)
*
/hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
*
/hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/RequestConverter.java
*
/hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ResponseConverter.java
*
/hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java
*
/hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java
*
/hbase/branches/0.95/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java
*
/hbase/branches/0.95/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java
* /hbase/branches/0.95/hbase-protocol/src/main/protobuf/AccessControl.proto
*
/hbase/branches/0.95/hbase-server/src/main/java/org/apache/hadoop/hbase/migration/NamespaceUpgrade.java
*
/hbase/branches/0.95/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
*
/hbase/branches/0.95/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
*
/hbase/branches/0.95/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java
*
/hbase/branches/0.95/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
*
/hbase/branches/0.95/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
*
/hbase/branches/0.95/hbase-server/src/main/java/org/apache/hadoop/hbase/thrift/generated/Hbase.java
* /hbase/branches/0.95/hbase-server/src/test/data/TestNamespaceUpgrade.tgz
*
/hbase/branches/0.95/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestSecureLoadIncrementalHFiles.java
*
/hbase/branches/0.95/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestSecureLoadIncrementalHFilesSplitRecovery.java
*
/hbase/branches/0.95/hbase-server/src/test/java/org/apache/hadoop/hbase/migration/TestNamespaceUpgrade.java
*
/hbase/branches/0.95/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
*
/hbase/branches/0.95/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
*
/hbase/branches/0.95/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
*
/hbase/branches/0.95/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
*
/hbase/branches/0.95/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java
> Security support for namespaces
> -------------------------------
>
> Key: HBASE-8409
> URL: https://issues.apache.org/jira/browse/HBASE-8409
> Project: HBase
> Issue Type: Sub-task
> Reporter: Francis Liu
> Assignee: Vandana Ayyalasomayajula
> Priority: Blocker
> Fix For: 0.98.0, 0.95.2
>
> Attachments: 8409_095.txt, HBASE-8049_trunk.patch,
> HBASE-8409_2.patch, HBASE-8409_3.patch, HBASE-8409_4.patch,
> TestNamespaceUpgrade.tgz
>
>
> This task adds the security piece to the namespace feature. The work related
> to migration of the existing acl table to the new namespace is remaining and
> will be completed in the follow up patch. Permissions can be granted to a
> namespace by the hbase admin, by appending '@' to the namespace name. A user
> with write or admin permissions on a given namespace can create tables in
> that namespace. The other privileges (R, X, C ) do not have any special
> meaning w.r.t namespaces. Any users of hbase can list tables in a namespace.
>
> The following commands can only be executed by HBase admins.
> 1. Grant privileges for user on Namespace.
> 2. Revoke privileges for user on Namespace
> Grant Command:
> hbase> grant 'tenant-A' 'W' '@N1'
> In the above example, the command will grant the user 'tenant-A' write
> privileges for a namespace named "N1".
> Revoke Command:
> hbase> revoke 'tenant-A''@N1'
> In the above example, the command will revoke all privileges from user
> 'tenant-A' for namespace named "N1".
> Lets see an example on how privileges work with namespaces.
>
> User "Mike" request for a namespace named "hbase_perf" with the hbase admin.
> whoami: hbase
> hbase shell >> namespace_create 'hbase_perf'
> hbase shell >> grant 'mike', 'W', '@hbase_perf'
> Mike creates two tables "table20" and "table50" in the above workspace.
> whoami: mike
> hbase shell >> create 'hbase_perf.table20', 'family1'
> hbase shell >> create 'hbase_perf.table50', 'family1'
> Note: As Mike was able to create tables 'hbase_perf.table20',
> 'hbase_perf.table50', he becomes the owner of those tables.
> This means he has "RWXCA" perms on those tables.
> Another team member of Mike, Alice wants also to share the same workspace
> "hbase_perf". HBase admin grants Alice also permission to create tables in
> "hbase_perf" namespace.
> whoami: hbase
> hbase shell >> grant 'alice', 'W', '@hbase_perf'
> Now Alice can create new tables under "hbase_perf" namespace, but cannot
> read,write,alter,delete existing tables in the namespace.
>
> whoami: alice
> hbase shell >> namespace_list_tables 'hbase_perf'
> hbase_perf.table20
> hbase_perf.table50
> hbase shell >> scan 'hbase_perf.table20'
> AccessDeniedException
>
> If Alice wants to read or write to existing tables in the "hbase_perf"
> namespace, hbase admins need to explicitly grant permission.
>
> whoami: hbase
> hbase shell >> grant 'alice', 'RW', 'hbase_perf.table20'
> hbase shell >> grant 'alice', 'RW', 'hbase_perf.table50'
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
