Created 01-20-2016 05:57 AM
Is READ permission not suitable?
Created 01-20-2016 06:27 PM
This is a great question. The list command for getting the list of tables or getting the "description" of the tables requires ADMIN or CREATE privileges as of now. The full list of tables is filtered to only return the subset of tables on which the user has A or C. There is an alternative master RPC command, though, to get a list of tables that will return the table name, but not the descriptor, if you only have READ or WRITE permissions.
I think we need to fix this in HBase itself. Logically, if you have READ or WRITE access to the table, you should be able to get the table descriptor as well.
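A client-side check of the behaviour described in the answer above, added here as an example (it is not code from the thread or from the HBase project). It assumes the HBase 1.x client API, that the name-only master RPC mentioned above is the one behind `Admin.listTableNames()`, a cluster with access control enabled, and `hbase-site.xml` on the classpath; the class name `ListVisibility` is hypothetical.

```java
import java.io.IOException;
import java.util.Set;
import java.util.TreeSet;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;

// Added example: run as the restricted user whose grants are being checked.
public class ListVisibility {
  public static void main(String[] args) throws IOException {
    Configuration conf = HBaseConfiguration.create();
    try (Connection conn = ConnectionFactory.createConnection(conf);
         Admin admin = conn.getAdmin()) {
      // Descriptor listing: per the answer above, filtered to tables on
      // which the caller holds ADMIN or CREATE.
      Set<String> withDescriptor = new TreeSet<>();
      for (HTableDescriptor htd : admin.listTables()) {
        withDescriptor.add(htd.getTableName().getNameAsString());
      }
      // Name-only listing (assumed to be the alternative master RPC).
      Set<String> namesOnly = new TreeSet<>();
      for (TableName tn : admin.listTableNames()) {
        namesOnly.add(tn.getNameAsString());
      }
      // Tables the user can see by name but cannot describe: these are the
      // ones where the grant is READ/WRITE without ADMIN or CREATE.
      Set<String> nameOnlyTables = new TreeSet<>(namesOnly);
      nameOnlyTables.removeAll(withDescriptor);

      System.out.println("Descriptor visible (A or C): " + withDescriptor);
      System.out.println("Name visible only:           " + nameOnlyTables);
    }
  }
}
```

A non-empty "Name visible only" set confirms that the user's READ/WRITE grants are in place and that only the descriptor filter is hiding the tables, which avoids widening the grant to CREATE or ADMIN just to diagnose the problem.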
Created 01-20-2016 01:41 PM
Read permission is per table; list applies to all tables. You'll need read permission on all tables otherwise.
Created 01-20-2016 03:41 PM
Thank you for your reply.
I got read permission on all tables, but I couldn't show tables with the list command.
Created 01-20-2016 03:49 PM
There must be an explanation, but the reference page does not clarify it. I feel your pain. Perhaps it has to do with namespace permissions also. @Enis @Devaraj Das @vrodionov @nmaillard
Created 01-21-2016 04:19 AM
Created 01-20-2016 02:21 PM
Please see this http://hbase.apache.org/0.94/book/hbase.accesscontrol.configuration.html "good doc on permissions"
Only the superuser is allowed to create tables.
Permissions can be granted in any of the following scopes, though CREATE and ADMIN permissions are effective only at table scope.
Created 01-20-2016 03:56 PM
Thank you for your reply and the link.
I understand that read permission at the table scope enables me to just read column families, not to read tables. Is that right?
Created 01-20-2016 03:58 PM
Table level read = read only CF
CF read = Data
grant <user> <permissions> [ <table> [ <column family> [ <column qualifier> ] ] ]   # grants permissions
revoke <user> <permissions> [ <table> [ <column family> [ <column qualifier> ] ] ]  # revokes permissions
user_permission <table>                                                             # displays existing permissions
Created 01-21-2016 02:23 AM
Thank you for the details. I could understand clearly.