[ 
https://issues.apache.org/jira/browse/HBASE-21995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16786478#comment-16786478
 ] 

Reid Chan commented on HBASE-21995:
-----------------------------------

1. IIRC, we didn't reach any consensus in parent issue.
2. The same to the doc, which was not be reviewed and fully discussed.

you can keep working on but not until mentioned above are done.

> Add a coprocessor to set HDFS ACL for hbase granted user
> --------------------------------------------------------
>
>                 Key: HBASE-21995
>                 URL: https://issues.apache.org/jira/browse/HBASE-21995
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Yi Mei
>            Priority: Major
>
> To make hbase granted user have the access to scan table snapshots, use HDFS 
> ACLs to set user read permission over hfiles.
> The basic implementation is:
> 1. For public directories such as 'data' and 'archive', set other users' 
> permission to '--x' to make everyone have the permission to access the 
> directory.
> 2. For namespace or table directories such as 'data/ns/table', 
> 'archive/ns/table' and '.hbase-snapshot/snapshotName', set user 'r-x' acl and 
> default 'r-x' acl when following operations happen:
> grant to namespace or table / revoke from namespace or table / snapshot table
>  
> For more details, please reference the design doc: 
> https://docs.google.com/document/d/1D2iAdbrW5CcKc2SthJBXA1n2tTMTftuVaFtxbOWFuqM/edit#heading=h.uwo33s7kz427



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to