Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-22581

user with "CREATE" permission can grant, but not revoke permissions on created table

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.1, 2.1.5
    • Fix Version/s: 2.1.6
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      A user that only has global or namespace "CREATE" permission can grant permissions to another user on its created table, but cannot revoke them.

      This bug exists on branch-2.1, from 2.1.1 

      2.0, 2.1.0, master, and branch-2.2 are not effected.

      The bug can be triggered via hbase shell:

      #Start hbase shell as superuse 
      #export HADOOP_USER_NAME=hbase 
      hbase shell
      grant 'regularUser1', 'C'
      exit
      #Run hbase shell as regularUser1
      #grant, then revoke 'RX' permission to regularUser2
      #export HADOOP_USER_NAME=regularUser1
      hbase shell
      create 'nunuke','nunuke'
      grant 'regularUser2', 'RX', 'nunuke'
      #This will fail on 2.1.1+
      revoke 'regularUser2', 'nunuke'
      

        Attachments

        1. HBASE-22581.branch-2.1.001.patch
          4 kB
          István Tóth
        2. HBASE-22581.master.001.patch
          2 kB
          István Tóth
        3. HBASE-22581.branch-2.1.002.patch
          4 kB
          István Tóth
        4. HBASE-22581.branch-2.1.003.patch
          4 kB
          István Tóth
        5. HBASE-22581.branch-2.1.004.patch
          4 kB
          István Tóth
        6. HBASE-22581.branch-2.1.005.patch
          4 kB
          István Tóth

          Issue Links

            Activity

              People

              • Assignee:
                stoty István Tóth
                Reporter:
                stoty István Tóth
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: