Details
Description
It depends on the order of which region be opened first.
Suppose we have one 1 regionserver and only 1 user region REGION-A on this server, acl region was on another regionserver. acl was opened a few seconds before REGION-A.
The global authorization data read from Zookeeper was overwritten by the data read from configuration.
private TableAuthManager(ZooKeeperWatcher watcher, Configuration conf) throws IOException { this.conf = conf; this.zkperms = new ZKPermissionWatcher(watcher, this, conf); try { // Read global authorization data from zookeeper. this.zkperms.start(); } catch (KeeperException ke) { LOG.error("ZooKeeper initialization failed", ke); } // It will overwrite globalCache. // initialize global permissions based on configuration globalCache = initGlobal(conf); }
This issue can be easily reproduced by below steps:
1. Start a cluster with 3 regionservers.
2. Create a new table T1.
3. grant a new user USER-A with global authorization.
4. Kill 1 regionserver RS3 and switch balance off.
5. Start regionserver RS3.
6. Assign region T1 to RS3.
7. Put data with user USER-A.