Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-17472

Correct the semantic of permission grant

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4.0, 2.0.0
    • Fix Version/s: 1.4.0, 2.0.0
    • Component/s: Admin
    • Labels:
      None
    • Hadoop Flags:
      Incompatible change, Reviewed
    • Release Note:
      Hide
      Before this patch, later granted permissions will override previous granted permissions, and previous granted permissions LOST. this issue re-define grant semantic: for master branch, later granted permissions will merge with previous granted permissions. for branch-1.4, grant keep override behavior for compatibility purpose, and a grant with mergeExistingPermission flag provided.
      Show
      Before this patch, later granted permissions will override previous granted permissions, and previous granted permissions LOST. this issue re-define grant semantic: for master branch, later granted permissions will merge with previous granted permissions. for branch-1.4, grant keep override behavior for compatibility purpose, and a grant with mergeExistingPermission flag provided.

      Description

      Currently, HBase grant operation has following semantic:

      hbase(main):019:0> grant 'hbase_tst', 'RW', 'ycsb'
      0 row(s) in 0.0960 seconds
      
      hbase(main):020:0> user_permission 'ycsb'
      User                                                         Namespace,Table,Family,Qualifier:Permission                                                                                                                                                                                                                                               
       hbase_tst                                                   default,ycsb,,: [Permission:actions=READ,WRITE]                                                                                                                                                                                                           
      1 row(s) in 0.0550 seconds
      
      hbase(main):021:0> grant 'hbase_tst', 'CA', 'ycsb'
      0 row(s) in 0.0820 seconds
      
      hbase(main):022:0> user_permission 'ycsb'
      User                                                         Namespace,Table,Family,Qualifier:Permission                                                                                                                                       
       hbase_tst                                                   default,ycsb,,: [Permission: actions=CREATE,ADMIN]                                                                                                                                
      1 row(s) in 0.0490 seconds
      
      

      Later permission will replace previous granted permissions, which confused most of HBase administrator.

      It's seems more reasonable that HBase merge multiple granted permission.

        Attachments

        1. HBASE-17472.branch-1.3.v6.patch
          47 kB
          Zheng Hu
        2. HBASE-17472.branch-1.v6.patch
          47 kB
          Zheng Hu
        3. HBASE-17472.branch-1.v7.patch
          48 kB
          Zheng Hu
        4. HBASE-17472.master.v6.patch
          45 kB
          Zheng Hu
        5. HBASE-17472.master.v6.patch
          45 kB
          Zheng Hu
        6. HBASE-17472.master.v7.patch
          42 kB
          Zheng Hu
        7. HBASE-17472.v1.patch
          43 kB
          Zheng Hu
        8. HBASE-17472.v2.patch
          42 kB
          Zheng Hu
        9. HBASE-17472.v3.patch
          44 kB
          Zheng Hu
        10. HBASE-17472.v4.patch
          44 kB
          Zheng Hu
        11. HBASE-17472.v5.patch
          46 kB
          Zheng Hu

          Activity

            People

            • Assignee:
              openinx Zheng Hu
              Reporter:
              openinx Zheng Hu

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment