Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-15465

userPermission returned by getUserPermission() for the selected namespace does not have namespace set


    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 1.3.0, 1.2.2, 0.98.20, 2.0.0
    • Component/s: Protobufs
    • Labels:


      The request sent is with type = Namespace, but the response returned contains Global permissions (that is, the field of namespace is not set)

      It is in hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java, from line 2380, and I made some comments into it

         * A utility used to get permissions for selected namespace.
         * <p>
         * It's also called by the shell, in case you want to find references.
         * @param protocol the AccessControlService protocol proxy
         * @param namespace name of the namespace
         * @throws ServiceException
        public static List<UserPermission> getUserPermissions(
            AccessControlService.BlockingInterface protocol,
            byte[] namespace) throws ServiceException {
          AccessControlProtos.GetUserPermissionsRequest.Builder builder =
          if (namespace != null) {
          builder.setType(AccessControlProtos.Permission.Type.Namespace);  //builder is set with type = Namespace
          AccessControlProtos.GetUserPermissionsRequest request = builder.build();  //I printed the request, its type is Namespace, which is correct.
          AccessControlProtos.GetUserPermissionsResponse response =  
             protocol.getUserPermissions(null, request);
      /* I printed the response, it contains Global permissions, as below, not a Namespace permission.
      user_permission {
        user: "a1"
        permission {
          type: Global
          global_permission {
            action: READ
            action: WRITE
            action: ADMIN
            action: EXEC
            action: CREATE
      AccessControlProtos.GetUserPermissionsRequest has a member called type_ to store the type, but AccessControlProtos.GetUserPermissionsResponse does not.
          List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount());
          for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) {
            perms.add(ProtobufUtil.toUserPermission(perm));  // (1)
          return perms;

      it could be more reasonable to return user permissions with namespace set in getUserPermission() for selected namespace ?


        1. HBASE-15465-master-v2.patch
          3 kB
          Xiang Li
        2. HBASE-15465.patch.v1
          2 kB
          Xiang Li
        3. HBASE-15465.patch.v0
          2 kB
          Xiang Li

          Issue Links



              • Assignee:
                water Xiang Li
                water Xiang Li
              • Votes:
                0 Vote for this issue
                6 Start watching this issue


                • Created: