[jira] [Commented] (HBASE-6192) Document ACL matrix in the book

Tue, 17 Jun 2014 21:41:21 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-6192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14034803#comment-14034803
 ] 

Misty Stanley-Jones commented on HBASE-6192:
--------------------------------------------

OK, I'm having some trouble understanding some things. I really want to 
simplify this matrix as much as I can. To that end, I only want to state the 
minimum permissions required for each operation. Here are some questions:

1. How can I look at the code and understand where the permission needs to be 
set? (table, region, server, whatever) For instance, the deleteNamespace 
operation. Is that on a table?

2. Implied permissions: Write seems to imply Read. Does Create imply Write? 
Does Admin imply Create? Thus, if something requires Admin or Create, is it 
only requiring Admin because Admin provides Create?

I've been looking at the unit tests in 
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java,
 but they are kind of confusing because they create users with sets of 
permissions and then test against the users, rather than testing against the 
permissions themselves. This is much more simple to read but I feel like it 
might be causing me to miss some things. For instance, the 'superuser' really 
is just a user with Admin, Create, and Execute set on a global scope, right?

> Document ACL matrix in the book
> -------------------------------
>
>                 Key: HBASE-6192
>                 URL: https://issues.apache.org/jira/browse/HBASE-6192
>             Project: HBase
>          Issue Type: Task
>          Components: documentation, security
>    Affects Versions: 0.94.1, 0.95.2
>            Reporter: Enis Soztutar
>            Assignee: Misty Stanley-Jones
>              Labels: documentaion, security
>             Fix For: 0.99.0
>
>         Attachments: HBASE-6192-rebased.patch, HBASE-6192.patch, HBase 
> Security-ACL Matrix.pdf, HBase Security-ACL Matrix.pdf, HBase Security-ACL 
> Matrix.pdf, HBase Security-ACL Matrix.xls, HBase Security-ACL Matrix.xls, 
> HBase Security-ACL Matrix.xls
>
>
> We have an excellent matrix at 
> https://issues.apache.org/jira/secure/attachment/12531252/Security-ACL%20Matrix.pdf
>  for ACL. Once the changes are done, we can adapt that and put it in the 
> book, also add some more documentation about the new authorization features. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to