Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-5352 ACL improvements
  3. HBASE-6086

Admin operations on a table should be authorized against table permissions instead of global permissions.

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 0.94.0
    • Fix Version/s: None
    • Component/s: security
    • Labels:
    • Tags:
      Huawei security

      Description

      Still some inconsistency exists after HBASE-6061. We actually need to authorize against table permissions instead of global permissions here.

      +  private void requireTableAdminPermission(MasterCoprocessorEnvironment e,
      +      byte[] tableName) throws IOException {
      +    if (isActiveUserTableOwner(e, tableName)) {
      +      requirePermission(Permission.Action.CREATE);
      +    } else {
      +      requirePermission(Permission.Action.ADMIN);
      +    }
      +  }
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                lakshman Laxman
                Reporter:
                lakshman Laxman
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: