[ https://issues.apache.org/jira/browse/HBASE-11008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13972265#comment-13972265 ]
Andrew Purtell commented on HBASE-11008: ---------------------------------------- bq. The problem, as stated in HBASE-10958, is that bulk loading requires WRITE but effectively by going through LoadIncrementalHFiles it already requires CREATE. Right, as soon as you want to look at table metadata, it's more than just WRITE. On another issue Francis Liu and I discussed the notion of creating a new permission 'SCHEMA' which would grant permission to read schema metadata. Now as then it seems maybe not quite needed (yet). CREATE and ADMIN would have such SCHEMA permission explicitly, so there would still need a grant beyond WRITE for bulk loading. CREATE has evolved to a permission where a user should be able to create tables and administer them, just "not administer them too much" > Align bulk load, flush, and compact to require Action.CREATE > ------------------------------------------------------------ > > Key: HBASE-11008 > URL: https://issues.apache.org/jira/browse/HBASE-11008 > Project: HBase > Issue Type: Improvement > Components: security > Reporter: Jean-Daniel Cryans > Assignee: Jean-Daniel Cryans > Fix For: 0.99.0, 0.98.2, 0.96.3, 0.94.20 > > Attachments: HBASE-11008.patch > > > Over in HBASE-10958 we noticed that it might make sense to require > Action.CREATE for bulk load, flush, and compact since it is also required for > things like enable and disable. > This means the following changes: > - preBulkLoadHFile goes from WRITE to CREATE > - compact/flush go from ADMIN to ADMIN or CREATE -- This message was sent by Atlassian JIRA (v6.2#6252)