Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-5352 ACL improvements
  3. HBASE-6086

Admin operations on a table should be authorized against table permissions instead of global permissions.

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 0.94.0
    • None
    • security
    • Huawei security

    Description

      Still some inconsistency exists after HBASE-6061. We actually need to authorize against table permissions instead of global permissions here.

      +  private void requireTableAdminPermission(MasterCoprocessorEnvironment e,
+      byte[] tableName) throws IOException {
+    if (isActiveUserTableOwner(e, tableName)) {
+      requirePermission(Permission.Action.CREATE);
+    } else {
+      requirePermission(Permission.Action.ADMIN);
+    }
+  }

      Attachments

        Issue Links

          duplicates

          Sub-task - The sub-task of the issue HBASE-5372 Table mutation operations should check table level rights, not global rights

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. HBASE-6068 Secure HBase cluster : Client not able to call some admin APIs

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              lakshman Laxman
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: