[jira] [Updated] (ACCUMULO-802) table namespaces

[John Vines (JIRA)]

     [ 
https://issues.apache.org/jira/browse/ACCUMULO-802?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

John Vines updated ACCUMULO-802:
--------------------------------

    Attachment: 802-security-change.diff

Attached is a diff for roughly the changes I'm proposing as 
https://reviews.apache.org/r/15166/diff/1/?file=376139#file376139line311

Follow the codepath from #canScan to understand what I'm proposing.

> table namespaces
> ----------------
>
>                 Key: ACCUMULO-802
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-802
>             Project: Accumulo
>          Issue Type: New Feature
>          Components: client, master, tserver
>            Reporter: Eric Newton
>            Assignee: Sean Hickey
>             Fix For: 1.6.0
>
>         Attachments: 802-security-change.diff, ACCUMULO-802.v0.patch, 
> ACCUMULO-802.v1.patch, ACCUMULO-802.v2.patch, ACCUMULO-802.v3.patch, 
> ACCUMULO-802.v4.patch, ACCUMULO-802.v5.patch, table-namespaces-README.txt, 
> table-namespaces-README.v1.txt, table-namespaces-README.v2.txt
>
>
> A large cluster is a valuable shared resource.  The current permission system 
> and simple table naming structure does not allow for delegation of authority 
> and safe partitioning within this shared resource.
> Use cases:
>  # create a namespace (like "test") and delegate the {{grant}} permission to 
> tables created in that namespace to a user that would manage those tables. 
> Presently, {{grant}} is never delegated.
>  # create simple "test" and "production" namespaces that are trivial for 
> users to switch between.  For example, instead of having tables "test_index" 
> and "test_documents" the client would support "index" and "documents" with an 
> API to support switching trivially between the the different environments.
>  # create a set of tables in a namespace called "latest"  This namespace is 
> re-created periodically with a map-reduce job.  If code changes inadvertently 
> create a corrupt "latest," users can switch to the set of tables known as 
> "safest"  In this way, users can experiment, and provide feedback on 
> incremental improvements, while have a safe fallback.
>  # two applications hosted on the same cluster that can share a table, which 
> has been "aliased" into their namespace.  Namespace-local permissions are 
> ignored, but a (most likely read-only) view of the table is available.  This 
> would be helpful for reference tables.
>  # quotas/priorities.  Implement namespace-specific priorities and resource 
> allocations.  It is reasonable to run namespace-specific queries and ingest 
> on production equipment. Large cluster resources are always limited, and 
> often the *only* place where near-production quality software can be run at 
> full scale.



--
This message was sent by Atlassian JIRA
(v6.1#6144)