Index: src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
===================================================================
--- src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java (revision 1337486)
+++ src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java (working copy)
@@ -41,6 +41,9 @@
 import org.apache.hadoop.hbase.regionserver.HRegion;
 import org.apache.hadoop.hbase.regionserver.InternalScanner;
 import org.apache.hadoop.hbase.regionserver.StoreFile;
+import org.apache.hadoop.hbase.filter.CompareFilter.CompareOp;
+import org.apache.hadoop.hbase.filter.RegexStringComparator;
+import org.apache.hadoop.hbase.filter.QualifierFilter;
 import org.apache.hadoop.hbase.util.Bytes;
 import org.apache.hadoop.hbase.util.Pair;
 import org.apache.hadoop.io.Text;
@@ -215,6 +218,75 @@
 }
 /**
+ * Remove specified table from the _acl_ table.
+ */
+ static void removeTablePermissions(Configuration conf, byte[] tableName)
+ throws IOException{
+ Delete d = new Delete(tableName);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Removing permissions of removed table "+ Bytes.toString(tableName));
+ }
+
+ HTable acls = null;
+ try {
+ acls = new HTable(conf, ACL_TABLE_NAME);
+ acls.delete(d);
+ } finally {
+ if (acls != null) acls.close();
+ }
+ }
+
+ /**
+ * Remove specified table column from the _acl_ table.
+ */
+ static void removeTablePermissions(Configuration conf, byte[] tableName, byte[] column)
+ throws IOException{
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Removing permissions of removed column " + Bytes.toString(column) +
+ " from table "+ Bytes.toString(tableName));
+ }
+
+ HTable acls = null;
+ ResultScanner scanner = null;
+ try {
+ acls = new HTable(conf, ACL_TABLE_NAME);
+
+ Scan scan = new Scan();
+ scan.addFamily(ACL_LIST_FAMILY);
+
+ String columnName = Bytes.toString(column);
+ scan.setFilter(new QualifierFilter(CompareOp.EQUAL, new RegexStringComparator(
+ String.format("(%s%s%s)|(%s%s)$",
+ ACL_KEY_DELIMITER, columnName, ACL_KEY_DELIMITER,
+ ACL_KEY_DELIMITER, columnName))));
+
+ Set qualifierSet = new TreeSet(Bytes.BYTES_COMPARATOR);
+ scanner = acls.getScanner(scan);
+ for (Result res : scanner) {
+ for (byte[] q : res.getFamilyMap(ACL_LIST_FAMILY).navigableKeySet()) {
+ qualifierSet.add(q);
+ }
+ }
+
+ if (qualifierSet.size() > 0) {
+ Delete d = new Delete(tableName);
+ for (byte[] qualifier : qualifierSet) {
+ d.deleteColumns(ACL_LIST_FAMILY, qualifier);
+ }
+ acls.delete(d);
+ }
+ } finally {
+ try {
+ if (scanner != null) scanner.close();
+ } finally {
+ if (acls != null) acls.close();
+ }
+ }
+ }
+
+ /**
 * Returns {@code true} if the given region is part of the {@code _acl_}
 * metadata table.
 */
Index: src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
===================================================================
--- src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (revision 1337486)
+++ src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (working copy)
@@ -513,7 +513,9 @@
 }
 @Override
 public void postDeleteTable(ObserverContext c,
- byte[] tableName) throws IOException {}
+ byte[] tableName) throws IOException {
+ AccessControlLists.removeTablePermissions(c.getEnvironment().getConfiguration(), tableName);
+ }
 @Override
@@ -553,7 +555,10 @@
 }
 @Override
 public void postDeleteColumn(ObserverContext c,
- byte[] tableName, byte[] col) throws IOException {}
+ byte[] tableName, byte[] col) throws IOException {
+ AccessControlLists.removeTablePermissions(c.getEnvironment().getConfiguration(),
+ tableName, col);
+ }
 @Override
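Review bot: The column name goes into the RegexStringComparator pattern unescaped in the three-argument removeTablePermissions, so a family name containing regex metacharacters (`.`, `+`, `(`) can match other qualifiers or fail to match its own entries. In the second case the grants survive the column delete and would presumably apply again if a family of that name is re-added. Quote the name before formatting, `String columnName = Pattern.quote(Bytes.toString(column));`, which also needs `import java.util.regex.Pattern;` in the import hunk. If ACL qualifiers carry a column qualifier after the family (the key layout is not shown here), the `(%s%s)$` branch would also match a qualifier-level entry in another family whose qualifier equals this family's name. Separately, the Scan has no row bounds, so it reads every table's row in `_acl_` although the Delete only targets `tableName`; limiting the scan to that row keeps the collected qualifier set tied to the table being changed.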
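Review bot: An IOException from removeTablePermissions in postDeleteTable propagates after the table has already been dropped, and nothing in the hook records that the `_acl_` entries were left behind; the same applies to postDeleteColumn in the following hunk. Leftover entries matter because a table or family created later under the same name would presumably pick up the old grants. Consider catching the failure to log it at error level before rethrowing, e.g. `LOG.error("Failed to remove ACL entries for deleted table " + Bytes.toString(tableName), e);`, so operators can find and clean up the orphaned row. Whether cached permissions are invalidated when the `_acl_` row is deleted is not visible in these hunks and is worth confirming.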