Details
-
Sub-task
-
Status: Closed
-
Major
-
Resolution: Not A Problem
-
0.94.4, 0.95.2
-
None
-
None
Description
The shell commands for security are rudimentary and should be improved. The commands we have need to be updated for the "AccessController v2" changes. The distinction between the shell and the Java (admin) API is blurry because our shell is JRuby but it makes sense to provide some convenient shortcuts for common actions.
At a minimum the current set of commands should validate their arguments.
'revoke' should be improved so all access for a given user can be conveniently revoked with one command, as opposed to requiring a specific revoke for every previous grant. This may involve interaction with a master mediated transaction or barrier framework.
Once HBASE-6222 is in, it should be possible to conveniently construct ACLs and add them to DML ops like put and delete; and there should be support for dumping ACLs at the cell level too.
Also, I observed 'user_permission' fail with NPEs on a colleague's workstation recently. It could have been the local environment, but I suspect there may be some rot here.
Attachments
Issue Links
- is blocked by
-
-
- Closed
-
- relates to
-
HBASE-5343 Access control API in HBaseAdmin.java
-
- Closed
-