Index: security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java =================================================================== --- security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (revision 1588952) +++ security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (working copy) @@ -546,8 +546,8 @@ } }; - verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER); - verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE); + verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE); + verifyDenied(action, USER_RW, USER_RO, USER_NONE); } @Test @@ -559,8 +559,8 @@ } }; - verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER); - verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE); + verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE); + verifyDenied(action, USER_RW, USER_RO, USER_NONE); } @Test @@ -742,7 +742,8 @@ return null; } }; - verifyWrite(bulkLoadAction); + verifyAllowed(bulkLoadAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE); + verifyDenied(bulkLoadAction, USER_RW, USER_RO, USER_NONE); // Reinit after the bulk upload TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE); @@ -805,6 +806,7 @@ HTable table = new HTable(conf, tableName); try { TEST_UTIL.waitTableAvailable(tableName, 30000); + conf.setBoolean("hbase.mapreduce.bulkload.assign.sequenceNumbers", true); LoadIncrementalHFiles loader = new LoadIncrementalHFiles(conf); loader.doBulkLoad(loadPath, table); } finally { Index: security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java =================================================================== --- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (revision 1588952) +++ security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (working copy) @@ -830,7 +830,8 @@ @Override public void preFlush(ObserverContext e) throws IOException { - requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN); + requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN, + Action.CREATE); } @Override @@ -841,7 +842,8 @@ @Override public InternalScanner preCompact(ObserverContext e, final Store store, final InternalScanner scanner) throws IOException { - requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN); + requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN, + Action.CREATE); return scanner; } @@ -1091,7 +1093,7 @@ for(Pair el : familyPaths) { cfs.add(el.getFirst()); } - requirePermission("bulkLoadHFile", Permission.Action.WRITE, ctx.getEnvironment(), cfs); + requirePermission("bulkLoadHFile", Permission.Action.CREATE, ctx.getEnvironment(), cfs); } private AuthResult hasSomeAccess(RegionCoprocessorEnvironment e, String request, Action action) throws IOException {