[ https://issues.apache.org/jira/browse/HBASE-12511?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14251271#comment-14251271 ]
Enis Soztutar commented on HBASE-12511:
---------------------------------------
bq. I think using requirePermission makes more sense in these cases because
admin permission on namespace should also be able to get the permissions going,
not just global permissions

Agreed. But in this case, we should at least rename the method so that it is
clear it requires global or NS perms.

bq. preGetNamespaceDescriptor, postListNamespaceDescriptors - This should not
require any privilege as mentioned in HBASE-8015

Seems fine till we get L permission. Can we re-use X in any way? Unix dir
permission uses X for dir listing.

bq. preDeleteNamespace, preModifyNamespace - requires global permission,
namespace permission does not allow namespace DDL permission privilege as
mentioned in HBASE-8015.

So we have to fix this case, because having ADMIN on NS will allow you to
delete the NS? Delete table will work if you have C on table, don't we want the
same?

> namespace permissions - add support from table creation privilege in a
> namespace 'C'
> ------------------------------------------------------------------------------------
>
> Key: HBASE-12511
> URL: https://issues.apache.org/jira/browse/HBASE-12511
> Project: HBase
> Issue Type: Sub-task
> Reporter: Francis Liu
> Assignee: Huaiyu Zhu
> Fix For: 1.1.0
>
> Attachments: HBASE-12511.patch, HBASE-12511.patch, HBASE-12511.patch
>
>
> As discussed in namespace permission Jira. A user granted a 'C' on a
> namespace enables a user to create tables within the namespace. 'C' on a
> namespace does not enable a user to create/drop the namespace.