[ https://issues.apache.org/jira/browse/HBASE-6096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13284981#comment-13284981 ]
Matteo Bertozzi commented on HBASE-6096: ---------------------------------------- 1) no admin is different... able to do operation on the cluster (region move, unassign, ... and create/delete/modify all the tables) 2) if you grant for 'A' you don't get RWC so admin are not able to read but are able to perform actions (create/delete/modify) on all tables 3) if you grant 'W' you don't get 'R' The permission checks are done in this way: AccessController.permissionGranted() * Allow All to READ on .META. and -ROOT- * Allow Users with global ADMIN/CREATE to write on .META. (Add/Remove Table...) * Allow if user is Table Owner * Allow if user has Table Level rights * Allow if user has (Table) Family Level rights * Allow if user has (Table, Family) Qualifier Level rights > AccessController v2 > ------------------- > > Key: HBASE-6096 > URL: https://issues.apache.org/jira/browse/HBASE-6096 > Project: HBase > Issue Type: Umbrella > Components: security > Affects Versions: 0.96.0, 0.94.1 > Reporter: Andrew Purtell > > Umbrella issue for iteration on the initial AccessController drop. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira