[jira] [Updated] (HBASE-12564) consolidate the getTableDescriptors() semantic

Mon, 01 Dec 2014 09:20:13 -0800 

     [ 
https://issues.apache.org/jira/browse/HBASE-12564?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matteo Bertozzi updated HBASE-12564:
------------------------------------
    Attachment: HBASE-12564-v0.patch

v0 removes the deprecated Connection.listTables() added with HBASE-12073 (which 
is only in master) in favor of the Admin API (as suggested by the doc).
v0 changes the getTableDescriptors() right check for the "list all" returning 
only the tables that the user can see (table level Admin/Create).
v0 adds a new option to listTables() allowing to return the sys-tables, which 
is useful to user_permission. 

I was thinking to add the same AccessController logic of getTableDescriptors() 
to getTableNames(), which at the moment returns all the table names without 
asking anything (see HBASE-9182). I think the behavior should be "give me all 
the names that I have access to" so the AccessController should filter the 
tables like getTableDescriptors() but checking also Read/Write rights and not 
only Admin/Create. [~apurtell]?

> consolidate the getTableDescriptors() semantic
> ----------------------------------------------
>
>                 Key: HBASE-12564
>                 URL: https://issues.apache.org/jira/browse/HBASE-12564
>             Project: HBase
>          Issue Type: Bug
>          Components: Client, master
>    Affects Versions: 2.0.0
>            Reporter: Matteo Bertozzi
>            Assignee: Matteo Bertozzi
>            Priority: Minor
>             Fix For: 2.0.0
>
>         Attachments: HBASE-12564-v0.patch
>
>
> Master getTableDescriptors() which is called by Admin.listTables() has a 
> couple of different behaviors depending on how it is called. 
> after HBASE-12073 with the AccessController enabled, we now get a "global 
> admin" required if listTables() is called without a regex otherwise we return 
> only the table that the user can see (we show only the tables that the user 
> have access to, which means or the user is a global admin or it has a 
> table-level create/admin). We probably should have the second behavior even 
> without regex, since I should able to see "my own tables". 
> getTableDescriptors() is returning only non system tables. Tools like 
> user_permission that are doing "for each listTable(): userPerm(table)" are 
> losing the system tables, so stuff like user_permission 'hbase:acls' will not 
> result any result.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to