[ https://issues.apache.org/jira/browse/HBASE-6192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14034803#comment-14034803 ]
Misty Stanley-Jones commented on HBASE-6192: -------------------------------------------- OK, I'm having some trouble understanding some things. I really want to simplify this matrix as much as I can. To that end, I only want to state the minimum permissions required for each operation. Here are some questions: 1. How can I look at the code and understand where the permission needs to be set? (table, region, server, whatever) For instance, the deleteNamespace operation. Is that on a table? 2. Implied permissions: Write seems to imply Read. Does Create imply Write? Does Admin imply Create? Thus, if something requires Admin or Create, is it only requiring Admin because Admin provides Create? I've been looking at the unit tests in hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java, but they are kind of confusing because they create users with sets of permissions and then test against the users, rather than testing against the permissions themselves. This is much more simple to read but I feel like it might be causing me to miss some things. For instance, the 'superuser' really is just a user with Admin, Create, and Execute set on a global scope, right? > Document ACL matrix in the book > ------------------------------- > > Key: HBASE-6192 > URL: https://issues.apache.org/jira/browse/HBASE-6192 > Project: HBase > Issue Type: Task > Components: documentation, security > Affects Versions: 0.94.1, 0.95.2 > Reporter: Enis Soztutar > Assignee: Misty Stanley-Jones > Labels: documentaion, security > Fix For: 0.99.0 > > Attachments: HBASE-6192-rebased.patch, HBASE-6192.patch, HBase > Security-ACL Matrix.pdf, HBase Security-ACL Matrix.pdf, HBase Security-ACL > Matrix.pdf, HBase Security-ACL Matrix.xls, HBase Security-ACL Matrix.xls, > HBase Security-ACL Matrix.xls > > > We have an excellent matrix at > https://issues.apache.org/jira/secure/attachment/12531252/Security-ACL%20Matrix.pdf > for ACL. Once the changes are done, we can adapt that and put it in the > book, also add some more documentation about the new authorization features. -- This message was sent by Atlassian JIRA (v6.2#6252)