[HBASE-5787] Table owner can't disable/delete his/her own table - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 0.92.1, 0.94.0, 0.95.2
Fix Version/s: 0.94.0, 0.95.0
Component/s: security
Labels:
- acl
- security

Hadoop Flags:

Reviewed

Description

An user with CREATE privileges can create a table, but can not disable it, because disable operation require ADMIN privileges. Also if a table is already disabled, anyone can remove it.

public void preDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c,
    byte[] tableName) throws IOException {
  requirePermission(Permission.Action.CREATE);
}

public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> c,
    byte[] tableName) throws IOException {
  /* TODO: Allow for users with global CREATE permission and the table owner */
  requirePermission(Permission.Action.ADMIN);
}

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-5787-v1.patch
15/Apr/12 14:13
5 kB
Matteo Bertozzi
HBASE-5787-v0.patch
13/Apr/12 22:47
2 kB
Matteo Bertozzi
HBASE-5787-tests-wrong-names.patch
15/Apr/12 10:42
2 kB
Matteo Bertozzi

Activity

People

Assignee:: Matteo Bertozzi

Reporter:: Matteo Bertozzi

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Apr/12 22:47

Updated:: 26/Feb/13 17:02

Resolved:: 23/Apr/12 16:39