[
https://issues.apache.org/jira/browse/HBASE-6192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14037077#comment-14037077
]
Matteo Bertozzi commented on HBASE-6192:
----------------------------------------
I don't think this stuff is correct (at the beginning of the patch)
ADMIN does not imply READ and WRITE or CREATE as far as I know, and if it does
looks weird to me.
same for an ADMIN GLOBAL permission does not imply that you have all the
permissions but just admin.
(the above may be true only for META)
* A combination of GLOBAL and ADMIN implicitly has all permissions in all
scopes.
* A user with a permission granted at GLOBAL scope automatically has the
permission at all other scopes. For instance, a user with GLOBAL CREATE also
has TABLE CREATE, but not vice versa. Thus, in this matrix, GLOBAL is implied
and only listed if GLOBAL is the minimum required scope.
* A user with a permission of ADMIN automatically has CREATE and WRITE
permissions.
> Document ACL matrix in the book
> -------------------------------
>
> Key: HBASE-6192
> URL: https://issues.apache.org/jira/browse/HBASE-6192
> Project: HBase
> Issue Type: Task
> Components: documentation, security
> Affects Versions: 0.94.1, 0.95.2
> Reporter: Enis Soztutar
> Assignee: Misty Stanley-Jones
> Labels: documentaion, security
> Fix For: 0.99.0
>
> Attachments: HBASE-6192-2.patch, HBASE-6192-rebased.patch,
> HBASE-6192.patch, HBase Security-ACL Matrix.pdf, HBase Security-ACL
> Matrix.pdf, HBase Security-ACL Matrix.pdf, HBase Security-ACL Matrix.xls,
> HBase Security-ACL Matrix.xls, HBase Security-ACL Matrix.xls
>
>
> We have an excellent matrix at
> https://issues.apache.org/jira/secure/attachment/12531252/Security-ACL%20Matrix.pdf
> for ACL. Once the changes are done, we can adapt that and put it in the
> book, also add some more documentation about the new authorization features.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
