[ https://issues.apache.org/jira/browse/HBASE-14818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Purtell updated HBASE-14818: ----------------------------------- Fix Version/s: 0.98.20 > user_permission does not list namespace permissions > --------------------------------------------------- > > Key: HBASE-14818 > URL: https://issues.apache.org/jira/browse/HBASE-14818 > Project: HBase > Issue Type: Bug > Components: hbase > Affects Versions: 1.2.0 > Reporter: Steven Hancz > Assignee: li xiang > Priority: Minor > Fix For: 2.0.0, 1.3.0, 1.4.0, 1.2.2, 0.98.20 > > Attachments: HBASE-14818-1.2-v4.patch, HBASE-14818-master-v3.patch, > HBASE-14818-master-v4.patch, HBASE-14818-v0.patch, HBASE-14818-v1.patch, > HBASE-14818-v2.patch > > > The user_permission command does not list namespace permissions: > For example: if I create a new namespace or use an existing namespace and > grant a user privileges to that namespace, the command user_permission does > not list it. The permission is visible in the acl table. > Example: > hbase(main):005:0> create_namespace 'ns3' > 0 row(s) in 0.1640 seconds > hbase(main):007:0> grant 'test_user','RWXAC','@ns3' > 0 row(s) in 0.5680 seconds > hbase(main):008:0> user_permission '.*' > User > Namespace,Table,Family,Qualifier:Permission > > sh82993 finance,finance:emp,,: [Permission: > actions=READ,WRITE,EXEC,CREATE,ADMIN] > @hbaseglobaldba hbase,hbase:acl,,: [Permission: > actions=EXEC,CREATE,ADMIN] > @hbaseglobaloper hbase,hbase:acl,,: [Permission: > actions=EXEC,ADMIN] > hdfs hbase,hbase:acl,,: [Permission: > actions=READ,WRITE,CREATE,ADMIN,EXEC] > sh82993 ns1,ns1:tbl1,,: [Permission: > actions=READ,WRITE,EXEC,CREATE,ADMIN] > ns1admin ns1,ns1:tbl2,,: [Permission: > actions=EXEC,CREATE,ADMIN] > @hbaseappltest_ns1funct ns1,ns1:tbl2,,: [Permission: > actions=READ,WRITE,EXEC] > ns1funct ns1,ns1:tbl2,,: [Permission: > actions=READ,WRITE,EXEC,CREATE,ADMIN] > hbase ns2,ns2:tbl1,,: [Permission: > actions=READ,WRITE,EXEC,CREATE,ADMIN] > 9 row(s) in 1.8090 seconds > As you can see user test_user does not appear in the output, but we can see > the permission in the ACL table. > hbase(main):001:0> scan 'hbase:acl' > ROW COLUMN+CELL > > @finance column=l:sh82993, timestamp=1444405519510, > value=RWXCA > @gcbcppdn column=l:hdfs, timestamp=1446141119602, > value=RWCXA > @hbase column=l:hdfs, timestamp=1446141485136, > value=RWCAX > @ns1 column=l:@hbaseappltest_ns1admin, > timestamp=1447437007467, value=RWXCA > @ns1 column=l:@hbaseappltest_ns1funct, > timestamp=1447427366835, value=RWX > @ns2 column=l:@hbaseappltest_ns2admin, > timestamp=1446674470456, value=XCA > @ns2 column=l:test_user, > timestamp=1447692840030, value=RWAC > > @ns3 column=l:test_user, > timestamp=1447692860434, value=RWXAC > > finance:emp column=l:sh82993, timestamp=1444407723316, > value=RWXCA > hbase:acl column=l:@hbaseglobaldba, > timestamp=1446590375370, value=XCA > hbase:acl column=l:@hbaseglobaloper, > timestamp=1446590387965, value=XA > hbase:acl column=l:hdfs, timestamp=1446141737213, > value=RWCAX > ns1:tbl1 column=l:sh82993, timestamp=1446674153058, > value=RWXCA > ns1:tbl2 column=l:@hbaseappltest_ns1funct, > timestamp=1447183824580, value=RWX > ns1:tbl2 column=l:ns1admin, > timestamp=1447183766370, value=XCA > > ns1:tbl2 column=l:ns1funct, > timestamp=1447184077545, value=RWXCA > > ns2:tbl1 column=l:hbase, timestamp=1447182228314, > value=RWXCA > 11 row(s) in 0.4990 seconds > It would be nice to be able to see namespace permissions via the > user_permission '.*' command as scanning the acl table is not the recommended > way to view object permissions. Especially if one is looking to access base > via a shell and collect ACL information. > Steven -- This message was sent by Atlassian JIRA (v6.3.4#6332)