Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Why does a user need CREATE permission for "list" command on hbase shell?

Solved Go to solution

Re: Why does a user need CREATE permission for "list" command on hbase shell?

Explorer

@Enis Thank you for your reply and detail.

I underrstood that the list command requires ADMIN or CREATE and it is need to fix this in HBase if I get the list or description of the tables by READ permission.

How do you think that there are many accounts who can excecute hbase shell commands on HBase?

I think users would like to know the table name and get the list of tables by the list command. I also think that the administrator does not want to give a lot of users ADMIN or CREATE permissions.

For this reason, I thought READ permisson was better for the list command.

Highlighted

Re: Why does a user need CREATE permission for "list" command on hbase shell?

Guru

It seems we have made an explicit decision that getting the table descriptor should only be allowed for A or C permission, while getting the name of the table is allowed for all RWACE privileges. The discussion happened here: https://issues.apache.org/jira/browse/HBASE-12564?focusedCommentId=14234504&page=com.atlassian.jira....

However, in shell, the "list" command still uses the version that requires A or C. I've opened up a jira to fix this: https://issues.apache.org/jira/browse/HBASE-15147. Feel free to comment there if you want.

Re: Why does a user need CREATE permission for "list" command on hbase shell?

Explorer

Thank you so much for your kindness.

I'll read jira pages and comment if there is something I want to say.

Don't have an account?
Coming from Hortonworks? Activate your account here