Index: hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java =================================================================== --- hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (revision 1588089) +++ hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (working copy) @@ -1133,7 +1133,8 @@ @Override public void preFlush(ObserverContext e) throws IOException { - requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN); + requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN, + Action.CREATE); } @Override @@ -1151,7 +1152,8 @@ public InternalScanner preCompact(ObserverContext e, final Store store, final InternalScanner scanner, final ScanType scanType) throws IOException { - requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN); + requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN, + Action.CREATE); return scanner; } @@ -1468,7 +1470,7 @@ ctx.getEnvironment().getRegion().getTableDesc().getTableName(), el.getFirst(), null, - Permission.Action.WRITE); + Action.CREATE); } } Index: hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java =================================================================== --- hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (revision 1588089) +++ hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (working copy) @@ -616,8 +616,8 @@ } }; - verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER); - verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE); + verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE); + verifyDenied(action, USER_RW, USER_RO, USER_NONE); } @Test @@ -631,8 +631,8 @@ } }; - verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER); - verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE); + verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE); + verifyDenied(action, USER_RW, USER_RO, USER_NONE); } @Test