[ https://issues.apache.org/jira/browse/HBASE-11008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13972265#comment-13972265 ]

Andrew Purtell commented on HBASE-11008:
----------------------------------------

bq. The problem, as stated in HBASE-10958, is that bulk loading requires WRITE 
but effectively by going through LoadIncrementalHFiles it already requires 
CREATE.

Right, as soon as you want to look at table metadata, it's more than just 
WRITE. 

On another issue Francis Liu and I discussed the notion of creating a new 
permission 'SCHEMA' which would grant permission to read schema metadata. Now 
as then it seems maybe not quite needed (yet). CREATE and ADMIN would have such 
SCHEMA permission explicitly, so there would still need to be a grant beyond 
WRITE for bulk loading.

CREATE has evolved to a permission where a user should be able to create tables 
and administer them, just "not administer them too much".

> Align bulk load, flush, and compact to require Action.CREATE
> ------------------------------------------------------------
>
>                 Key: HBASE-11008
>                 URL: https://issues.apache.org/jira/browse/HBASE-11008
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>            Reporter: Jean-Daniel Cryans
>            Assignee: Jean-Daniel Cryans
>             Fix For: 0.99.0, 0.98.2, 0.96.3, 0.94.20
>
>         Attachments: HBASE-11008.patch
>
>
> Over in HBASE-10958 we noticed that it might make sense to require 
> Action.CREATE for bulk load, flush, and compact since it is also required for 
> things like enable and disable.
> This means the following changes:
>  - preBulkLoadHFile goes from WRITE to CREATE
>  - compact/flush go from ADMIN to ADMIN or CREATE



--
This message was sent by Atlassian JIRA
(v6.2#6252)
