[ 
https://issues.apache.org/jira/browse/HBASE-21255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Reid Chan updated HBASE-21255:
------------------------------
    Labels: ACLs security-issue  (was: )

> [acl] Refactor TablePermission into three classes (Global, Namespace, Table)
> ----------------------------------------------------------------------------
>
>                 Key: HBASE-21255
>                 URL: https://issues.apache.org/jira/browse/HBASE-21255
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Reid Chan
>            Assignee: Reid Chan
>            Priority: Major
>              Labels: ACLs, security-issue
>             Fix For: 3.0.0, 2.2.0
>
>         Attachments: HBASE-21225.master.001.patch, 
> HBASE-21225.master.002.patch, HBASE-21225.master.007.patch, 
> HBASE-21225.master.008.patch, HBASE-21225.master.009.patch, 
> HBASE-21225.master.009.patch, HBASE-21255.master.003.patch, 
> HBASE-21255.master.004.patch, HBASE-21255.master.005.patch, 
> HBASE-21255.master.006.patch, HBASE-21255.master.006.patch
>
>
> A TODO in {{TablePermission.java}}
> {code:java}
>   //TODO refactor this class
>   //we need to refacting this into three classes (Global, Table, Namespace)
> {code}
> Change Notes:
>  * Divide origin TablePermission into three classes GlobalPermission, 
> NamespacePermission, TablePermission
>  * New UserPermission consists of a user name(string, not byte[], for 
> convenience) and a permission in one of [Global, Namespace, Table]Permission.
>  * Rename TableAuthManager to AuthManager(it is IA.P), and rename some 
> methods for readability.
>  * Make PermissionCache thread safe, and the ListMultiMap is changed to Set.
>  * User cache and group cache in AuthManager is combined together.
>  * Wire proto is kept, BC should be under guarantee.
>  * Fix HBASE-21390.
>  * Resolve a small {{TODO}} global entry should be handled differently in 
> AccessControlLists



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to