Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-5787

Table owner can't disable/delete his/her own table

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 0.92.1, 0.94.0, 0.95.2
    • Fix Version/s: 0.94.0, 0.95.0
    • Component/s: security
    • Labels:
    • Hadoop Flags:
      Reviewed

      Description

      An user with CREATE privileges can create a table, but can not disable it, because disable operation require ADMIN privileges. Also if a table is already disabled, anyone can remove it.

      public void preDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c,
          byte[] tableName) throws IOException {
        requirePermission(Permission.Action.CREATE);
      }
      
      public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> c,
          byte[] tableName) throws IOException {
        /* TODO: Allow for users with global CREATE permission and the table owner */
        requirePermission(Permission.Action.ADMIN);
      }
      

        Attachments

        1. HBASE-5787-tests-wrong-names.patch
          2 kB
          Matteo Bertozzi
        2. HBASE-5787-v0.patch
          2 kB
          Matteo Bertozzi
        3. HBASE-5787-v1.patch
          5 kB
          Matteo Bertozzi

          Activity

            People

            • Assignee:
              mbertozzi Matteo Bertozzi
              Reporter:
              mbertozzi Matteo Bertozzi
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: