Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-11769

Truncate table shouldn't revoke user privileges

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 0.94.15
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      hbase(main):002:0> create 'a','cf'
      0 row(s) in 0.2500 seconds

      => Hbase::Table - a
      hbase(main):003:0> grant 'usera','R','a'
      0 row(s) in 0.2080 seconds

      hbase(main):007:0> user_permission 'a'
      User Table,Family,Qualifier:Permission
      usera a,,: [Permission: actions=READ]

      hbase(main):004:0> truncate 'a'
      Truncating 'a' table (it may take a while):

      • Disabling table...
      • Dropping table...
      • Creating table...
        0 row(s) in 1.5320 seconds

      hbase(main):005:0> user_permission 'a'
      User Table,Family,Qualifier:Permission

        Issue Links

          Activity

          Hide
          jmspaggi Jean-Marc Spaggiari added a comment -

          Make sense to me.

          There is also a truncate which preserves the splits. You might want to modify this one too. (truncate_preserve)

          Show
          jmspaggi Jean-Marc Spaggiari added a comment - Make sense to me. There is also a truncate which preserves the splits. You might want to modify this one too. (truncate_preserve)
          Hide
          tobe chendihao added a comment -

          Agree with Jean-Marc Spaggiari. Truncate_preserve works well without removing the privilieges.

          Won't fix, right?

          Show
          tobe chendihao added a comment - Agree with Jean-Marc Spaggiari . Truncate_preserve works well without removing the privilieges. Won't fix, right?
          Hide
          mbertozzi Matteo Bertozzi added a comment -

          truncate preserve only preserve the set of region splits.
          Since the shell does a delete table + create table that will always remove the ACLs
          HBASE-8332 fixed the problem by adding a truncate API which bypass the delete table/acls.

          Show
          mbertozzi Matteo Bertozzi added a comment - truncate preserve only preserve the set of region splits. Since the shell does a delete table + create table that will always remove the ACLs HBASE-8332 fixed the problem by adding a truncate API which bypass the delete table/acls.
          Hide
          jmspaggi Jean-Marc Spaggiari added a comment -

          Just to be clear, I was not saying that preserve did or did not preserved privileges, was just that we might want to look it too.

          So for the purpose of this patch, should Honguy simply update ruby scripts to call the new API provided by HBASE-8332? Might be cleaner than having 2 implementations (One in ruby one in java) for the same feature?

          Show
          jmspaggi Jean-Marc Spaggiari added a comment - Just to be clear, I was not saying that preserve did or did not preserved privileges, was just that we might want to look it too. So for the purpose of this patch, should Honguy simply update ruby scripts to call the new API provided by HBASE-8332 ? Might be cleaner than having 2 implementations (One in ruby one in java) for the same feature?
          Hide
          apurtell Andrew Purtell added a comment -

          Dup of HBASE-11596 (which itself is at least partially a dup of HBASE-8332, but would need a backport to 0.94)

          Show
          apurtell Andrew Purtell added a comment - Dup of HBASE-11596 (which itself is at least partially a dup of HBASE-8332 , but would need a backport to 0.94)
          Hide
          jmspaggi Jean-Marc Spaggiari added a comment -

          Then should this JIRA be considered as a rebase of HBASE-11596 on 0.94?

          Show
          jmspaggi Jean-Marc Spaggiari added a comment - Then should this JIRA be considered as a rebase of HBASE-11596 on 0.94?
          Hide
          mbertozzi Matteo Bertozzi added a comment -

          you can't backport that, since it will change the behavior of truncate.
          and if you want to keep the compatibility, you'll end up with older clients behaving in a way and the new clients in a different way.

          Show
          mbertozzi Matteo Bertozzi added a comment - you can't backport that, since it will change the behavior of truncate. and if you want to keep the compatibility, you'll end up with older clients behaving in a way and the new clients in a different way.
          Hide
          jmspaggi Jean-Marc Spaggiari added a comment -

          Got it. So should we implement something like trunc_with_permission? To keep existing behavior and have the option. Or since it's only 0.94 we will simply keep it the way it is and recommend people to move to 0.98?

          Show
          jmspaggi Jean-Marc Spaggiari added a comment - Got it. So should we implement something like trunc_with_permission? To keep existing behavior and have the option. Or since it's only 0.94 we will simply keep it the way it is and recommend people to move to 0.98?
          Hide
          apurtell Andrew Purtell added a comment -

          Dup of HBASE-12142

          Show
          apurtell Andrew Purtell added a comment - Dup of HBASE-12142

            People

            • Assignee:
              Unassigned
              Reporter:
              hongyu.bi hongyu bi
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development