Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-17472

Correct the semantic of permission grant

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.4.0, 2.0.0
    • 1.4.0, 2.0.0
    • Admin
    • None
    • Incompatible change, Reviewed
    • Hide
      Before this patch, later granted permissions will override previous granted permissions, and previous granted permissions LOST. this issue re-define grant semantic: for master branch, later granted permissions will merge with previous granted permissions. for branch-1.4, grant keep override behavior for compatibility purpose, and a grant with mergeExistingPermission flag provided.
      Show
      Before this patch, later granted permissions will override previous granted permissions, and previous granted permissions LOST. this issue re-define grant semantic: for master branch, later granted permissions will merge with previous granted permissions. for branch-1.4, grant keep override behavior for compatibility purpose, and a grant with mergeExistingPermission flag provided.

    Description

      Currently, HBase grant operation has following semantic:

      hbase(main):019:0> grant 'hbase_tst', 'RW', 'ycsb'
      0 row(s) in 0.0960 seconds
      
      hbase(main):020:0> user_permission 'ycsb'
      User                                                         Namespace,Table,Family,Qualifier:Permission                                                                                                                                                                                                                                               
       hbase_tst                                                   default,ycsb,,: [Permission:actions=READ,WRITE]                                                                                                                                                                                                           
      1 row(s) in 0.0550 seconds
      
      hbase(main):021:0> grant 'hbase_tst', 'CA', 'ycsb'
      0 row(s) in 0.0820 seconds
      
      hbase(main):022:0> user_permission 'ycsb'
      User                                                         Namespace,Table,Family,Qualifier:Permission                                                                                                                                       
       hbase_tst                                                   default,ycsb,,: [Permission: actions=CREATE,ADMIN]                                                                                                                                
      1 row(s) in 0.0490 seconds
      
      

      Later permission will replace previous granted permissions, which confused most of HBase administrator.

      It's seems more reasonable that HBase merge multiple granted permission.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            openinx Zheng Hu Assign to me
            openinx Zheng Hu
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment