[ https://issues.apache.org/jira/browse/HBASE-6096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13284981#comment-13284981 ]

Matteo Bertozzi commented on HBASE-6096:
----------------------------------------

1) No, admin is different... able to do operations on the cluster (region move, 
unassign, ... and create/delete/modify all the tables)

2) If you grant 'A' you don't get RWC, 
so admins are not able to read but are able to perform actions 
(create/delete/modify) on all tables

3) If you grant 'W' you don't get 'R'

The permission checks are done in this way:
AccessController.permissionGranted()
 * Allow All to READ on .META. and -ROOT-
 * Allow Users with global ADMIN/CREATE to write on .META. (Add/Remove Table...)
 * Allow if user is Table Owner
 * Allow if user has Table Level rights
 * Allow if user has (Table) Family Level rights
 * Allow if user has (Table, Family) Qualifier Level rights
                
> AccessController v2
> -------------------
>
>                 Key: HBASE-6096
>                 URL: https://issues.apache.org/jira/browse/HBASE-6096
>             Project: HBase
>          Issue Type: Umbrella
>          Components: security
>    Affects Versions: 0.96.0, 0.94.1
>            Reporter: Andrew Purtell
>
> Umbrella issue for iteration on the initial AccessController drop.

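The check order listed in the comment above, as a simplified Python model added here; it is not HBase's AccessController code and not from the comment's author. The `Acl` structure, the rule names returned and the sample users and table are assumptions of this sketch.

```python
from dataclasses import dataclass, field

CATALOG_TABLES = {".META.", "-ROOT-"}

@dataclass
class Acl:
    """Constructed ACL state; this layout is an assumption of the sketch."""
    owners: dict = field(default_factory=dict)         # table -> owning user
    global_grants: dict = field(default_factory=dict)  # user -> set of actions
    scoped: dict = field(default_factory=dict)         # (user, table, family, qualifier) -> actions

    def has(self, user, action, table, family=None, qualifier=None):
        # Exact membership: 'A' does not imply R/W/C, and 'W' does not imply 'R'.
        return action in self.scoped.get((user, table, family, qualifier), set())

def permission_granted(acl, user, action, table, family=None, qualifier=None):
    """Return the name of the first rule that allows the request, else None."""
    if table in CATALOG_TABLES and action == "R":
        return "catalog-read"                 # all users may READ .META. and -ROOT-
    if (table == ".META." and action == "W"
            and acl.global_grants.get(user, set()) & {"A", "C"}):
        return "global-admin-create-meta-write"
    if acl.owners.get(table) == user:
        return "table-owner"
    if acl.has(user, action, table):
        return "table"
    if family is not None and acl.has(user, action, table, family):
        return "family"
    if qualifier is not None and acl.has(user, action, table, family, qualifier):
        return "qualifier"
    return None                               # no rule matched: deny

# Constructed sample state (hypothetical users and table).
ACL = Acl(
    owners={"orders": "alice"},
    global_grants={"ops": {"A"}},
    scoped={
        ("bob", "orders", None, None): {"W"},
        ("carol", "orders", "cf1", None): {"R"},
        ("dave", "orders", "cf1", "q1"): {"R"},
    },
)
```

Returning the matched rule name rather than a boolean makes it easy to audit which level of the hierarchy granted access.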