Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-13359 Update ACL matrix to include table owner.

This commit is contained in:
Srikanth Srungarapu 2015-04-26 20:13:23 -07:00
parent 75507af9f8
commit 4182fc1a9b
1 changed files with 47 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
src/main/asciidoc/_chapters/appendix_acl_matrix.adoc
View File

@ -81,77 +81,77 @@ In case the table goes out of date, the unit tests which check for accuracy of p
|=== |===
| Interface | Operation | Permissions | Interface | Operation | Permissions
| Master | createTable | superuser\|global\(C)\|NS\(C) | Master | createTable | superuser\|global\(C)\|NS\(C)
| | modifyTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C) | | modifyTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
| | deleteTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C) | | deleteTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
| | truncateTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C) | | truncateTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
| | addColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C) | | addColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
| | modifyColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C)\|column(A)\|column\(C) | | modifyColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)\|column(A)\|column\(C)
| | deleteColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C)\|column(A)\|column\(C) | | deleteColumn | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)\|column(A)\|column\(C)
| | enableTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C) | | enableTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
| | disableTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C) | | disableTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
| | disableAclTable | Not allowed | | disableAclTable | Not allowed
| | move | superuser\|global(A)\|NS(A)\|Table(A) | | move | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
| | assign | superuser\|global(A)\|NS(A)\|Table(A) | | assign | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
| | unassign | superuser\|global(A)\|NS(A)\|Table(A) | | unassign | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
| | regionOffline | superuser\|global(A)\|NS(A)\|Table(A) | | regionOffline | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
| | balance | superuser\|global(A) | | balance | superuser\|global(A)
| | balanceSwitch | superuser\|global(A) | | balanceSwitch | superuser\|global(A)
| | shutdown | superuser\|global(A) | | shutdown | superuser\|global(A)
| | stopMaster | superuser\|global(A) | | stopMaster | superuser\|global(A)
| | snapshot | superuser\|global(A)\|NS(A)\|Table(A) | | snapshot | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
| | listSnapshot | superuser\|global(A)\|SnapshotOwner | | listSnapshot | superuser\|global(A)\|SnapshotOwner
| | cloneSnapshot | superuser\|global(A) | | cloneSnapshot | superuser\|global(A)
| | restoreSnapshot | superuser\|global(A)\|SnapshotOwner & (NS(A)\|Table(A)) | | restoreSnapshot | superuser\|global(A)\|SnapshotOwner & (NS(A)\|TableOwner\|table(A))
| | deleteSnapshot | superuser\|global(A)\|SnapshotOwner | | deleteSnapshot | superuser\|global(A)\|SnapshotOwner
| | createNamespace | superuser\|global(A) | | createNamespace | superuser\|global(A)
| | deleteNamespace | superuser\|global(A) | | deleteNamespace | superuser\|global(A)
| | modifyNamespace | superuser\|global(A) | | modifyNamespace | superuser\|global(A)
| | getNamespaceDescriptor | superuser\|global(A)\|NS(A) | | getNamespaceDescriptor | superuser\|global(A)\|NS(A)
| | listNamespaceDescriptors* | superuser\|global(A)\|NS(A) | | listNamespaceDescriptors* | superuser\|global(A)\|NS(A)
| | flushTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS(\C)\|table(A)\|table\(C) | | flushTable | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
| | getTableDescriptors* | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|table(A)\|table\(C) | | getTableDescriptors* | superuser\|global(A)\|global\(C)\|NS(A)\|NS\(C)\|TableOwner\|table(A)\|table\(C)
| | getTableNames* | Any global or table perm | | getTableNames* | superuser\|TableOwner\|Any global or table perm
| | setUserQuota(global level) | superuser\|global(A) | | setUserQuota(global level) | superuser\|global(A)
| | setUserQuota(namespace level) | superuser\|global(A) | | setUserQuota(namespace level) | superuser\|global(A)
| | setUserQuota(Table level) | superuser\|global(A)\|NS(A)\|Table(A) | | setUserQuota(Table level) | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
| | setTableQuota | superuser\|global(A)\|NS(A)\|Table(A) | | setTableQuota | superuser\|global(A)\|NS(A)\|TableOwner\|table(A)
| | setNamespaceQuota | superuser\|global(A) | | setNamespaceQuota | superuser\|global(A)
| Region | openRegion | superuser\|global(A) | Region | openRegion | superuser\|global(A)
| | closeRegion | superuser\|global(A) | | closeRegion | superuser\|global(A)
| | flush | superuser\|global(A)\|global\(C)\|table(A)\|table\(C) | | flush | superuser\|global(A)\|global\(C)\|TableOwner\|table(A)\|table\(C)
| | split | superuser\|global(A)\|Table(A) | | split | superuser\|global(A)\|TableOwner\|TableOwner\|table(A)
| | compact | superuser\|global(A)\|global\(C)\|table(A)\|table\(C) | | compact | superuser\|global(A)\|global\(C)\|TableOwner\|table(A)\|table\(C)
| | getClosestRowBefore | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R) | | getClosestRowBefore | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
| | getOp | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R) | | getOp | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
| | exists | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R) | | exists | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
| | put | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W) | | put | superuser\|global(W)\|NS(W)\|table(W)\|TableOwner\|CF(W)\|CQ(W)
| | delete | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W) | | delete | superuser\|global(W)\|NS(W)\|table(W)\|TableOwner\|CF(W)\|CQ(W)
| | batchMutate | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W) | | batchMutate | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
| | checkAndPut | superuser\|global(RW)\|NS(RW)\|Table(RW)\|CF(RW)\|CQ(RW) | | checkAndPut | superuser\|global(RW)\|NS(RW)\|TableOwner\|table(RW)\|CF(RW)\|CQ(RW)
| | checkAndPutAfterRowLock | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R) | | checkAndPutAfterRowLock | superuser\|global\(R)\|NS\(R)\|TableOwner\|Table\(R)\|CF\(R)\|CQ\(R)
| | checkAndDelete | superuser\|global(RW)\|NS(RW)\|Table(RW)\|CF(RW)\|CQ(RW) | | checkAndDelete | superuser\|global(RW)\|NS(RW)\|TableOwner\|table(RW)\|CF(RW)\|CQ(RW)
| | checkAndDeleteAfterRowLock | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R) | | checkAndDeleteAfterRowLock | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
| | incrementColumnValue | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W) | | incrementColumnValue | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
| | append | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W) | | append | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
| | appendAfterRowLock | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W) | | appendAfterRowLock | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
| | increment | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W) | | increment | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
| | incrementAfterRowLock | superuser\|global(W)\|NS(W)\|Table(W)\|CF(W)\|CQ(W) | | incrementAfterRowLock | superuser\|global(W)\|NS(W)\|TableOwner\|table(W)\|CF(W)\|CQ(W)
| | scannerOpen | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R) | | scannerOpen | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
| | scannerNext | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R) | | scannerNext | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
| | scannerClose | superuser\|global\(R)\|NS\(R)\|Table\(R)\|CF\(R)\|CQ\(R) | | scannerClose | superuser\|global\(R)\|NS\(R)\|TableOwner\|table\(R)\|CF\(R)\|CQ\(R)
| | bulkLoadHFile | superuser\|global\(C)\|table\(C)\|CF\(C) | | bulkLoadHFile | superuser\|global\(C)\|TableOwner\|table\(C)\|CF\(C)
| | prepareBulkLoad | superuser\|global\(C)\|table\(C)\|CF\(C) | | prepareBulkLoad | superuser\|global\(C)\|TableOwner\|table\(C)\|CF\(C)
| | cleanupBulkLoad | superuser\|global\(C)\|table\(C)\|CF\(C) | | cleanupBulkLoad | superuser\|global\(C)\|TableOwner\|table\(C)\|CF\(C)
| Endpoint | invoke | superuser\|global(X)\|NS(X)\|Table(X) | Endpoint | invoke | superuser\|global(X)\|NS(X)\|TableOwner\|table(X)
| AccessController | grant(global level) | global(A) | AccessController | grant(global level) | global(A)
| | grant(namespace level) | global(A)\|NS(A) | | grant(namespace level) | global(A)\|NS(A)
| | grant(table level) | global(A)\|NS(A)\|table(A)\|CF(A)\|CQ(A) | | grant(table level) | global(A)\|NS(A)\|TableOwner\|table(A)\|CF(A)\|CQ(A)
| | revoke(global level) | global(A) | | revoke(global level) | global(A)
| | revoke(namespace level) | global(A)\|NS(A) | | revoke(namespace level) | global(A)\|NS(A)
| | revoke(table level) | global(A)\|NS(A)\|table(A)\|CF(A)\|CQ(A) | | revoke(table level) | global(A)\|NS(A)\|TableOwner\|table(A)\|CF(A)\|CQ(A)
| | getUserPermissions(global level) | global(A) | | getUserPermissions(global level) | global(A)
| | getUserPermissions(namespace level) | global(A)\|NS(A) | | getUserPermissions(namespace level) | global(A)\|NS(A)
| | getUserPermissions(table level) | global(A)\|NS(A)\|table(A)\|CF(A)\|CQ(A) | | getUserPermissions(table level) | global(A)\|NS(A)\|TableOwner\|table(A)\|CF(A)\|CQ(A)
| RegionServer | stopRegionServer | superuser\|global(A) | RegionServer | stopRegionServer | superuser\|global(A)
| | mergeRegions | superuser\|global(A) | | mergeRegions | superuser\|global(A)
| | rollWALWriterRequest | superuser\|global(A) | | rollWALWriterRequest | superuser\|global(A)