Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-17472

Correct the semantic of permission grant

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.4.0, 2.0.0
    • 1.4.0, 2.0.0
    • Admin
    • None
    • Incompatible change, Reviewed
    • Hide
      Before this patch, later granted permissions will override previous granted permissions, and previous granted permissions LOST. this issue re-define grant semantic: for master branch, later granted permissions will merge with previous granted permissions. for branch-1.4, grant keep override behavior for compatibility purpose, and a grant with mergeExistingPermission flag provided.
      Show
      Before this patch, later granted permissions will override previous granted permissions, and previous granted permissions LOST. this issue re-define grant semantic: for master branch, later granted permissions will merge with previous granted permissions. for branch-1.4, grant keep override behavior for compatibility purpose, and a grant with mergeExistingPermission flag provided.

    Description

      Currently, HBase grant operation has following semantic:

      hbase(main):019:0> grant 'hbase_tst', 'RW', 'ycsb'
      0 row(s) in 0.0960 seconds
      
      hbase(main):020:0> user_permission 'ycsb'
      User                                                         Namespace,Table,Family,Qualifier:Permission                                                                                                                                                                                                                                               
       hbase_tst                                                   default,ycsb,,: [Permission:actions=READ,WRITE]                                                                                                                                                                                                           
      1 row(s) in 0.0550 seconds
      
      hbase(main):021:0> grant 'hbase_tst', 'CA', 'ycsb'
      0 row(s) in 0.0820 seconds
      
      hbase(main):022:0> user_permission 'ycsb'
      User                                                         Namespace,Table,Family,Qualifier:Permission                                                                                                                                       
       hbase_tst                                                   default,ycsb,,: [Permission: actions=CREATE,ADMIN]                                                                                                                                
      1 row(s) in 0.0490 seconds
      
      

      Later permission will replace previous granted permissions, which confused most of HBase administrator.

      It's seems more reasonable that HBase merge multiple granted permission.

      Attachments

        1. HBASE-17472.v1.patch
          43 kB
          Zheng Hu
        2. HBASE-17472.v2.patch
          42 kB
          Zheng Hu
        3. HBASE-17472.v3.patch
          44 kB
          Zheng Hu
        4. HBASE-17472.v4.patch
          44 kB
          Zheng Hu
        5. HBASE-17472.v5.patch
          46 kB
          Zheng Hu
        6. HBASE-17472.master.v6.patch
          45 kB
          Zheng Hu
        7. HBASE-17472.master.v6.patch
          45 kB
          Zheng Hu
        8. HBASE-17472.branch-1.3.v6.patch
          47 kB
          Zheng Hu
        9. HBASE-17472.branch-1.v6.patch
          47 kB
          Zheng Hu
        10. HBASE-17472.branch-1.v7.patch
          48 kB
          Zheng Hu
        11. HBASE-17472.master.v7.patch
          42 kB
          Zheng Hu

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            openinx Zheng Hu
            openinx Zheng Hu
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment