[
https://issues.apache.org/jira/browse/HBASE-6096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13285418#comment-13285418
]
Laxman commented on HBASE-6096:
-------------------------------
{quote}2) if you grant for 'A' you don't get RWC
so admin are not able to read but are able to perform actions
(create/delete/modify) on all tables{quote}
bq. IMO, it's preferable to conceptualize ADMIN permission as only an extra bit
that allows you to interact with the Master on table management concerns.
I agree. But I still need some details to prepare ACL matrix.
There are two levels of 'A' (ADMIN) now.
a) GLOBAL ADMIN (Super user - Configured using hbase.superuser)
b) TABLE ADMIN (via grant)
I'm not able to clearly differentiate between them.
In the current implementation, GLOBAL ADMIN is able to read/write to any table.
Which means, TABLE ADMIN will not be able to perform some operations on a table
which GLOBAL ADMIN is able to do. Now we may need to discuss which part of
these needs correction?
IMO, GLOBAL ADMIN (for all tables) semantics should be inline with TABLE ADMIN
(for one table).
> AccessController v2
> -------------------
>
> Key: HBASE-6096
> URL: https://issues.apache.org/jira/browse/HBASE-6096
> Project: HBase
> Issue Type: Umbrella
> Components: security
> Affects Versions: 0.96.0, 0.94.1
> Reporter: Andrew Purtell
>
> Umbrella issue for iteration on the initial AccessController drop.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
