accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vi...@apache.org
Subject [6/9] git commit: ACCUMULO-1479 ACCUMULO-2086 ACCUMULO-2096 refactoring namespace translation out of security operations to fix security randomwalk
Date Thu, 30 Jan 2014 21:57:21 GMT
ACCUMULO-1479 ACCUMULO-2086 ACCUMULO-2096 refactoring namespace translation out of security operations to fix security randomwalk


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/90e1f22a
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/90e1f22a
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/90e1f22a

Branch: refs/heads/1.6.0-SNAPSHOT
Commit: 90e1f22a1833baad0f986f2100c6ecb5662a8a8f
Parents: f0448ff
Author: John Vines <vines@apache.org>
Authored: Thu Jan 30 16:00:23 2014 -0500
Committer: John Vines <vines@apache.org>
Committed: Thu Jan 30 16:00:23 2014 -0500

----------------------------------------------------------------------
 .../server/client/ClientServiceHandler.java     |  11 +-
 .../security/AuditedSecurityOperation.java      |  52 +++----
 .../server/security/SecurityOperation.java      | 139 ++++++++-----------
 .../accumulo/master/FateServiceHandler.java     |  61 +++++---
 .../java/org/apache/accumulo/master/Master.java |   2 +-
 .../master/MasterClientServiceHandler.java      |  12 +-
 .../accumulo/master/tableOps/CloneTable.java    |   4 +-
 .../accumulo/master/tableOps/CreateTable.java   |   4 +-
 .../accumulo/master/tableOps/DeleteTable.java   |   2 +-
 .../accumulo/master/tableOps/ImportTable.java   |  10 +-
 .../apache/accumulo/tserver/TabletServer.java   |  24 ++--
 .../test/randomwalk/security/AlterTable.java    |   3 +-
 .../randomwalk/security/AlterTablePerm.java     |   2 +-
 .../test/randomwalk/security/DropTable.java     |   3 +-
 .../randomwalk/security/SecurityFixture.java    |   4 +-
 .../test/randomwalk/security/TableOp.java       |  11 +-
 .../randomwalk/security/WalkingSecurity.java    |   9 ++
 .../accumulo/test/ConditionalWriterIT.java      |   2 +-
 18 files changed, 195 insertions(+), 160 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java b/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
index ed8cbc6..9b39582 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
@@ -183,7 +183,9 @@ public class ClientServiceHandler implements ClientService.Iface {
   public void grantTablePermission(TInfo tinfo, TCredentials credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
       ThriftTableOperationException {
     String tableId = checkTableId(instance, tableName, TableOperation.PERMISSION);
-    security.grantTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission));
+    String namespaceId = Tables.getNamespace(instance, tableId); 
+
+    security.grantTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission), namespaceId);
   }
 
   @Override
@@ -202,7 +204,9 @@ public class ClientServiceHandler implements ClientService.Iface {
   public void revokeTablePermission(TInfo tinfo, TCredentials credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
       ThriftTableOperationException {
     String tableId = checkTableId(instance, tableName, TableOperation.PERMISSION);
-    security.revokeTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission));
+    String namespaceId = Tables.getNamespace(instance, tableId); 
+
+    security.revokeTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission), namespaceId);
   }
 
   @Override
@@ -401,7 +405,8 @@ public class ClientServiceHandler implements ClientService.Iface {
         // ensure that table table exists
         String tableId = checkTableId(instance, table, null);
         tableIds.add(tableId);
-        if (!security.canScan(credentials, tableId))
+        String namespaceId = Tables.getNamespace(instance, tableId);
+        if (!security.canScan(credentials, tableId, namespaceId))
           throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       }
 

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
index 07492c6..d1fbdef 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
@@ -140,7 +140,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
   }
 
   @Override
-  public boolean canScan(TCredentials credentials, String tableId, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
+  public boolean canScan(TCredentials credentials, String tableId, String namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
       Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
     if (shouldAudit(credentials, tableId)) {
       Range convertedRange = new Range(range);
@@ -148,7 +148,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
       String tableName = getTableName(tableId);
 
       try {
-        boolean canScan = super.canScan(credentials, tableId);
+        boolean canScan = super.canScan(credentials, tableId, namespaceId);
         audit(credentials, canScan, CAN_SCAN_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), convertedRange, convertedColumns, ssiList, ssio);
 
         return canScan;
@@ -157,14 +157,14 @@ public class AuditedSecurityOperation extends SecurityOperation {
         throw ex;
       }
     } else {
-      return super.canScan(credentials, tableId);
+      return super.canScan(credentials, tableId, namespaceId);
     }
   }
 
   public static final String CAN_SCAN_BATCH_AUDIT_TEMPLATE = "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;";
 
   @Override
-  public boolean canScan(TCredentials credentials, String tableId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
+  public boolean canScan(TCredentials credentials, String tableId, String namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
       Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
     if (shouldAudit(credentials, tableId)) {
       @SuppressWarnings({"unchecked", "rawtypes"})
@@ -178,7 +178,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
       String tableName = getTableName(tableId);
 
       try {
-        boolean canScan = super.canScan(credentials, tableId);
+        boolean canScan = super.canScan(credentials, tableId, namespaceId);
         audit(credentials, canScan, CAN_SCAN_BATCH_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), truncated, convertedColumns, ssiList, ssio);
 
         return canScan;
@@ -187,7 +187,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
         throw ex;
       }
     } else {
-      return super.canScan(credentials, tableId);
+      return super.canScan(credentials, tableId, namespaceId);
     }
   }
 
@@ -247,10 +247,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
   public static final String CAN_DELETE_TABLE_AUDIT_TEMPLATE = "action: deleteTable; targetTable: %s;";
 
   @Override
-  public boolean canDeleteTable(TCredentials c, String tableId) throws ThriftSecurityException {
+  public boolean canDeleteTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
     String tableName = getTableName(tableId);
     try {
-      boolean result = super.canDeleteTable(c, tableId);
+      boolean result = super.canDeleteTable(c, tableId, namespaceId);
       audit(c, result, CAN_DELETE_TABLE_AUDIT_TEMPLATE, tableName, tableId);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -262,9 +262,9 @@ public class AuditedSecurityOperation extends SecurityOperation {
   public static final String CAN_RENAME_TABLE_AUDIT_TEMPLATE = "action: renameTable; targetTable: %s; newTableName: %s;";
 
   @Override
-  public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName) throws ThriftSecurityException {
+  public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName, String namespaceId) throws ThriftSecurityException {
     try {
-      boolean result = super.canRenameTable(c, tableId, oldTableName, newTableName);
+      boolean result = super.canRenameTable(c, tableId, oldTableName, newTableName, namespaceId);
       audit(c, result, CAN_RENAME_TABLE_AUDIT_TEMPLATE, oldTableName, newTableName);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -276,10 +276,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
   public static final String CAN_CLONE_TABLE_AUDIT_TEMPLATE = "action: cloneTable; targetTable: %s; newTableName: %s";
 
   @Override
-  public boolean canCloneTable(TCredentials c, String tableId, String tableName) throws ThriftSecurityException {
+  public boolean canCloneTable(TCredentials c, String tableId, String tableName, String destinationNamespaceId, String sourceNamespaceId) throws ThriftSecurityException {
     String oldTableName = getTableName(tableId);
     try {
-      boolean result = super.canCloneTable(c, tableId, tableName);
+      boolean result = super.canCloneTable(c, tableId, tableName, destinationNamespaceId, sourceNamespaceId);
       audit(c, result, CAN_CLONE_TABLE_AUDIT_TEMPLATE, oldTableName, tableName);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -291,9 +291,9 @@ public class AuditedSecurityOperation extends SecurityOperation {
   public static final String CAN_DELETE_RANGE_AUDIT_TEMPLATE = "action: deleteData; targetTable: %s; startRange: %s; endRange: %s;";
 
   @Override
-  public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow) throws ThriftSecurityException {
+  public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow, String namespaceId) throws ThriftSecurityException {
     try {
-      boolean result = super.canDeleteRange(c, tableId, tableName, startRow, endRow);
+      boolean result = super.canDeleteRange(c, tableId, tableName, startRow, endRow,namespaceId);
       audit(c, result, CAN_DELETE_RANGE_AUDIT_TEMPLATE, tableName, startRow.toString(), endRow.toString());
       return result;
     } catch (ThriftSecurityException ex) {
@@ -305,9 +305,9 @@ public class AuditedSecurityOperation extends SecurityOperation {
   public static final String CAN_BULK_IMPORT_AUDIT_TEMPLATE = "action: bulkImport; targetTable: %s; dataDir: %s; failDir: %s;";
 
   @Override
-  public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir) throws ThriftSecurityException {
+  public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir, String namespaceId) throws ThriftSecurityException {
     try {
-      boolean result = super.canBulkImport(c, tableId);
+      boolean result = super.canBulkImport(c, tableId, namespaceId);
       audit(c, result, CAN_BULK_IMPORT_AUDIT_TEMPLATE, tableName, dir, failDir);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -319,10 +319,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
   public static final String CAN_IMPORT_AUDIT_TEMPLATE = "action: import; targetTable: %s; dataDir: %s;";
 
   @Override
-  public boolean canImport(TCredentials credentials, String tableName, String importDir) throws ThriftSecurityException {
+  public boolean canImport(TCredentials credentials, String tableName, String importDir, String namespaceId) throws ThriftSecurityException {
 
     try {
-      boolean result = super.canImport(credentials, tableName, importDir);
+      boolean result = super.canImport(credentials, tableName, importDir, namespaceId);
       audit(credentials, result, CAN_IMPORT_AUDIT_TEMPLATE, tableName, importDir);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -334,10 +334,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
   public static final String CAN_EXPORT_AUDIT_TEMPLATE = "action: export; targetTable: %s; dataDir: %s;";
 
   @Override
-  public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir) throws ThriftSecurityException {
+  public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir, String namespaceId) throws ThriftSecurityException {
 
     try {
-      boolean result = super.canExport(credentials, tableId, tableName, exportDir);
+      boolean result = super.canExport(credentials, tableId, tableName, exportDir, namespaceId);
       audit(credentials, result, CAN_EXPORT_AUDIT_TEMPLATE, tableName, exportDir);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -375,10 +375,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
   public static final String GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: grantTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
 
   @Override
-  public void grantTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+  public void grantTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
     String tableName = getTableName(tableId);
     try {
-      super.grantTablePermission(credentials, user, tableId, permission);
+      super.grantTablePermission(credentials, user, tableId, permission, namespaceId);
       audit(credentials, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
@@ -403,10 +403,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
   public static final String REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: revokeTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
 
   @Override
-  public void revokeTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+  public void revokeTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
     String tableName = getTableName(tableId);
     try {
-      super.revokeTablePermission(credentials, user, tableId, permission);
+      super.revokeTablePermission(credentials, user, tableId, permission, namespaceId);
       audit(credentials, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
@@ -417,7 +417,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
   public static final String CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE = "action: %s; targetTable: %s;";
 
   @Override
-  public boolean canOnlineOfflineTable(TCredentials credentials, String tableId, FateOperation op) throws ThriftSecurityException {
+  public boolean canOnlineOfflineTable(TCredentials credentials, String tableId, FateOperation op, String namespaceId) throws ThriftSecurityException {
     String tableName = getTableName(tableId);
     String operation = null;
     if (op == FateOperation.TABLE_ONLINE)
@@ -425,7 +425,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
     if (op == FateOperation.TABLE_OFFLINE)
       operation = "offlineTable";
     try {
-      boolean result = super.canOnlineOfflineTable(credentials, tableId, op);
+      boolean result = super.canOnlineOfflineTable(credentials, tableId, op, namespaceId);
       audit(credentials, result, CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, operation, tableName, tableId);
       return result;
     } catch (ThriftSecurityException ex) {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
index ad1fbc0..d44d3da 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
@@ -27,7 +27,6 @@ import org.apache.accumulo.core.client.NamespaceNotFoundException;
 import org.apache.accumulo.core.client.TableNotFoundException;
 import org.apache.accumulo.core.client.admin.SecurityOperationsImpl;
 import org.apache.accumulo.core.client.impl.Namespaces;
-import org.apache.accumulo.core.client.impl.Tables;
 import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
 import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
 import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
@@ -246,20 +245,6 @@ public class SecurityOperation {
     return hasSystemPermissionWithNamespaceId(credentials, permission, null, useCached);
   }
 
-  private boolean hasSystemPermissionWithTableId(TCredentials credentials, SystemPermission permission, String tableId, boolean useCached)
-      throws ThriftSecurityException {
-    if (isSystemUser(credentials))
-      return true;
-    String namespaceId = null;
-    try {
-      namespaceId = Namespaces.getNamespaceId(HdfsZooInstance.getInstance(), Tables.getNamespace(HdfsZooInstance.getInstance(), tableId));
-    } catch (NamespaceNotFoundException nnfe) {
-      // Don't care, we won't pay any attention to namespace permissions
-    }
-
-    return hasSystemPermissionWithNamespaceId(credentials, permission, namespaceId, useCached);
-  }
-
   /**
    * Checks if a user has a system permission
    * 
@@ -305,12 +290,11 @@ public class SecurityOperation {
    * 
    * @return true if a user exists and has permission; false otherwise
    */
-  protected boolean hasTablePermission(TCredentials credentials, String table, TablePermission permission, boolean useCached) throws ThriftSecurityException {
+  protected boolean hasTablePermission(TCredentials credentials, String tableId, String namespaceId, TablePermission permission, boolean useCached) throws ThriftSecurityException {
     if (isSystemUser(credentials))
       return true;
-    return _hasTablePermission(credentials.getPrincipal(), table, permission, useCached)
-        || _hasNamespacePermission(credentials.getPrincipal(), Tables.getNamespace(HdfsZooInstance.getInstance(), table),
-            NamespacePermission.getEquivalent(permission), useCached);
+    return _hasTablePermission(credentials.getPrincipal(), tableId, permission, useCached)
+        || _hasNamespacePermission(credentials.getPrincipal(), namespaceId, NamespacePermission.getEquivalent(permission), useCached);
   }
 
   /**
@@ -381,38 +365,38 @@ public class SecurityOperation {
     }
   }
 
-  public boolean canScan(TCredentials credentials, String table) throws ThriftSecurityException {
+  public boolean canScan(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
     authenticate(credentials);
-    return hasTablePermission(credentials, table, TablePermission.READ, true);
+    return hasTablePermission(credentials, tableId, namespaceId, TablePermission.READ, true);
   }
 
-  public boolean canScan(TCredentials credentials, String table, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
+  public boolean canScan(TCredentials credentials, String tableId, String namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
       Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
-    return canScan(credentials, table);
+    return canScan(credentials, tableId, namespaceId);
   }
 
-  public boolean canScan(TCredentials credentials, String table, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
+  public boolean canScan(TCredentials credentials, String table, String namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
       Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
-    return canScan(credentials, table);
+    return canScan(credentials, table, namespaceId);
   }
 
-  public boolean canWrite(TCredentials credentials, String table) throws ThriftSecurityException {
+  public boolean canWrite(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
     authenticate(credentials);
-    return hasTablePermission(credentials, table, TablePermission.WRITE, true);
+    return hasTablePermission(credentials, tableId, namespaceId, TablePermission.WRITE, true);
   }
 
-  public boolean canConditionallyUpdate(TCredentials credentials, String tableID, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+  public boolean canConditionallyUpdate(TCredentials credentials, String tableID, String namespaceId, List<ByteBuffer> authorizations) throws ThriftSecurityException {
 
     authenticate(credentials);
 
-    return hasTablePermission(credentials, tableID, TablePermission.WRITE, true) && hasTablePermission(credentials, tableID, TablePermission.READ, true);
+    return hasTablePermission(credentials, tableID, namespaceId, TablePermission.WRITE, true) && hasTablePermission(credentials, tableID, namespaceId, TablePermission.READ, true);
   }
 
-  public boolean canSplitTablet(TCredentials credentials, String tableId) throws ThriftSecurityException {
+  public boolean canSplitTablet(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
     authenticate(credentials);
-    return hasSystemPermissionWithTableId(credentials, SystemPermission.ALTER_TABLE, tableId, false)
-        || hasSystemPermissionWithTableId(credentials, SystemPermission.SYSTEM, tableId, false)
-        || hasTablePermission(credentials, tableId, TablePermission.ALTER_TABLE, false);
+    return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.ALTER_TABLE, namespaceId, false)
+        || hasSystemPermissionWithNamespaceId(credentials, SystemPermission.SYSTEM, namespaceId, false)
+        || hasTablePermission(credentials, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
   }
 
   /**
@@ -423,15 +407,15 @@ public class SecurityOperation {
     return hasSystemPermission(credentials, SystemPermission.SYSTEM, false);
   }
 
-  public boolean canFlush(TCredentials c, String tableId) throws ThriftSecurityException {
+  public boolean canFlush(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasTablePermission(c, tableId, TablePermission.WRITE, false) || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+    return hasTablePermission(c, tableId, namespaceId, TablePermission.WRITE, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
   }
 
-  public boolean canAlterTable(TCredentials c, String tableId) throws ThriftSecurityException {
+  public boolean canAlterTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false)
-        || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false);
+    return hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false)
+        || hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false);
   }
 
   public boolean canCreateTable(TCredentials c, String table, String namespaceId) throws ThriftSecurityException {
@@ -439,54 +423,54 @@ public class SecurityOperation {
     return hasSystemPermissionWithNamespaceId(c, SystemPermission.CREATE_TABLE, namespaceId, false);
   }
 
-  public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName) throws ThriftSecurityException {
+  public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName, String namespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
-        || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+    return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+        || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
   }
 
-  public boolean canCloneTable(TCredentials c, String tableId, String tableName) throws ThriftSecurityException {
+  public boolean canCloneTable(TCredentials c, String tableId, String tableName, String destinationNamespaceId, String srcNamespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermissionWithTableId(c, SystemPermission.CREATE_TABLE, tableId, false) && hasTablePermission(c, tableId, TablePermission.READ, false);
+    return hasSystemPermissionWithNamespaceId(c, SystemPermission.CREATE_TABLE, destinationNamespaceId, false) && hasTablePermission(c, tableId, srcNamespaceId, TablePermission.READ, false);
   }
 
-  public boolean canDeleteTable(TCredentials c, String tableId) throws ThriftSecurityException {
+  public boolean canDeleteTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermissionWithTableId(c, SystemPermission.DROP_TABLE, tableId, false) || hasTablePermission(c, tableId, TablePermission.DROP_TABLE, false);
+    return hasSystemPermissionWithNamespaceId(c, SystemPermission.DROP_TABLE, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.DROP_TABLE, false);
   }
 
-  public boolean canOnlineOfflineTable(TCredentials c, String tableId, FateOperation op) throws ThriftSecurityException {
+  public boolean canOnlineOfflineTable(TCredentials c, String tableId, FateOperation op, String namespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false)
-        || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
-        || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+    return hasSystemPermissionWithNamespaceId(c, SystemPermission.SYSTEM, namespaceId, false)
+        || hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+        || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
   }
 
-  public boolean canMerge(TCredentials c, String tableId) throws ThriftSecurityException {
+  public boolean canMerge(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false)
-        || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
-        || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+    return hasSystemPermissionWithNamespaceId(c, SystemPermission.SYSTEM, namespaceId, false)
+        || hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+        || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
   }
 
-  public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow) throws ThriftSecurityException {
+  public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow, String namespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false) || hasTablePermission(c, tableId, TablePermission.WRITE, false);
+    return hasSystemPermissionWithNamespaceId(c, SystemPermission.SYSTEM, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.WRITE, false);
   }
 
-  public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir) throws ThriftSecurityException {
-    return canBulkImport(c, tableId);
+  public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir, String namespaceId) throws ThriftSecurityException {
+    return canBulkImport(c, tableId, namespaceId);
   }
 
-  public boolean canBulkImport(TCredentials c, String tableId) throws ThriftSecurityException {
+  public boolean canBulkImport(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasTablePermission(c, tableId, TablePermission.BULK_IMPORT, false);
+    return hasTablePermission(c, tableId, namespaceId, TablePermission.BULK_IMPORT, false);
   }
 
-  public boolean canCompact(TCredentials c, String tableId) throws ThriftSecurityException {
+  public boolean canCompact(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
-        || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false) || hasTablePermission(c, tableId, TablePermission.WRITE, false);
+    return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+        || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.WRITE, false);
   }
 
   public boolean canChangeAuthorizations(TCredentials c, String user) throws ThriftSecurityException {
@@ -519,9 +503,9 @@ public class SecurityOperation {
     return hasSystemPermission(c, SystemPermission.GRANT, false);
   }
 
-  public boolean canGrantTable(TCredentials c, String user, String table) throws ThriftSecurityException {
+  public boolean canGrantTable(TCredentials c, String user, String tableId, String namespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, table, false) || hasTablePermission(c, table, TablePermission.GRANT, false);
+    return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.GRANT, false);
   }
 
   public boolean canGrantNamespace(TCredentials c, String user, String namespace) throws ThriftSecurityException {
@@ -551,9 +535,9 @@ public class SecurityOperation {
     return hasSystemPermission(c, SystemPermission.GRANT, false);
   }
 
-  public boolean canRevokeTable(TCredentials c, String user, String table) throws ThriftSecurityException {
+  public boolean canRevokeTable(TCredentials c, String user, String tableId, String namespaceId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, table, false) || hasTablePermission(c, table, TablePermission.GRANT, false);
+    return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.GRANT, false);
   }
 
   public boolean canRevokeNamespace(TCredentials c, String user, String namespace) throws ThriftSecurityException {
@@ -629,8 +613,8 @@ public class SecurityOperation {
     }
   }
 
-  public void grantTablePermission(TCredentials c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
-    if (!canGrantTable(c, user, tableId))
+  public void grantTablePermission(TCredentials c, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
+    if (!canGrantTable(c, user, tableId, namespaceId))
       throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
     targetUserExists(user);
@@ -677,8 +661,8 @@ public class SecurityOperation {
     }
   }
 
-  public void revokeTablePermission(TCredentials c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
-    if (!canRevokeTable(c, user, tableId))
+  public void revokeTablePermission(TCredentials c, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
+    if (!canRevokeTable(c, user, tableId, namespaceId))
       throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
     targetUserExists(user);
@@ -740,8 +724,8 @@ public class SecurityOperation {
     }
   }
 
-  public void deleteTable(TCredentials credentials, String tableId) throws ThriftSecurityException {
-    if (!canDeleteTable(credentials, tableId))
+  public void deleteTable(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
+    if (!canDeleteTable(credentials, tableId, namespaceId))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     try {
       permHandle.cleanTablePermissions(tableId);
@@ -766,14 +750,14 @@ public class SecurityOperation {
     }
   }
 
-  public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir) throws ThriftSecurityException {
+  public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir, String namespaceId) throws ThriftSecurityException {
     authenticate(credentials);
-    return hasTablePermission(credentials, tableId, TablePermission.READ, false);
+    return hasTablePermission(credentials, tableId, namespaceId, TablePermission.READ, false);
   }
 
-  public boolean canImport(TCredentials credentials, String tableName, String importDir) throws ThriftSecurityException {
+  public boolean canImport(TCredentials credentials, String tableName, String importDir, String namespaceId) throws ThriftSecurityException {
     authenticate(credentials);
-    return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.CREATE_TABLE, Tables.qualify(tableName).getFirst(), false);
+    return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.CREATE_TABLE, namespaceId, false);
   }
 
   public boolean canAlterNamespace(TCredentials credentials, String namespaceId) throws ThriftSecurityException {
@@ -782,11 +766,10 @@ public class SecurityOperation {
   }
 
   public boolean canCreateNamespace(TCredentials credentials, String namespace) throws ThriftSecurityException {
-    authenticate(credentials);
     return canCreateNamespace(credentials);
   }
 
-  public boolean canCreateNamespace(TCredentials credentials) throws ThriftSecurityException {
+  private boolean canCreateNamespace(TCredentials credentials) throws ThriftSecurityException {
     authenticate(credentials);
     return hasSystemPermission(credentials, SystemPermission.CREATE_NAMESPACE, false);
   }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java b/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
index 21a35de..6f2c39a 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
@@ -58,7 +58,6 @@ import org.apache.accumulo.master.tableOps.RenameTable;
 import org.apache.accumulo.master.tableOps.TableRangeOp;
 import org.apache.accumulo.master.tableOps.TraceRepo;
 import org.apache.accumulo.server.client.ClientServiceHandler;
-import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.master.state.MergeInfo;
 import org.apache.accumulo.server.util.TablePropUtil;
 import org.apache.accumulo.trace.thrift.TInfo;
@@ -130,7 +129,7 @@ class FateServiceHandler implements FateService.Iface {
         String namespaceId;
 
         try {
-          namespaceId = Namespaces.getNamespaceId(HdfsZooInstance.getInstance(), Tables.qualify(tableName).getFirst());
+          namespaceId = Namespaces.getNamespaceId(master.getInstance(), Tables.qualify(tableName).getFirst());
         } catch (NamespaceNotFoundException e) {
           throw new ThriftTableOperationException(null, tableName, tableOp, TableOperationExceptionType.NAMESPACE_NOTFOUND, "");
         }
@@ -162,8 +161,9 @@ class FateServiceHandler implements FateService.Iface {
         });
 
         String tableId = ClientServiceHandler.checkTableId(master.getInstance(), oldTableName, tableOp);
+        String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
 
-        if (!master.security.canRenameTable(c, tableId, oldTableName, newTableName))
+        if (!master.security.canRenameTable(c, tableId, oldTableName, newTableName, namespaceId))
           throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
         try {
@@ -178,8 +178,15 @@ class FateServiceHandler implements FateService.Iface {
         TableOperation tableOp = TableOperation.CLONE;
         String srcTableId = validateTableIdArgument(arguments.get(0), tableOp, Tables.NOT_ROOT_ID);
         String tableName = validateTableNameArgument(arguments.get(1), tableOp, Tables.NOT_SYSTEM);
-
-        if (!master.security.canCloneTable(c, srcTableId, tableName))
+        String namespaceId;
+        try {
+          namespaceId = Namespaces.getNamespaceId(master.getInstance(), Tables.qualify(tableName).getFirst());
+        } catch (NamespaceNotFoundException e) {
+          // shouldn't happen, but possible once cloning between namespaces is supported
+          throw new ThriftTableOperationException(null, tableName, tableOp, TableOperationExceptionType.NAMESPACE_NOTFOUND, "");
+        }
+        
+        if (!master.security.canCloneTable(c, srcTableId, tableName, namespaceId, namespaceId))
           throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
         Map<String,String> propertiesToSet = new HashMap<String,String>();
@@ -209,7 +216,9 @@ class FateServiceHandler implements FateService.Iface {
         String tableName = validateTableNameArgument(arguments.get(0), tableOp, Tables.NOT_SYSTEM);
 
         final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
-        if (!master.security.canDeleteTable(c, tableId))
+        String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+        if (!master.security.canDeleteTable(c, tableId, namespaceId))
           throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
         master.fate.seedTransaction(opid, new TraceRepo<Master>(new DeleteTable(tableId)), autoCleanup);
         break;
@@ -217,8 +226,9 @@ class FateServiceHandler implements FateService.Iface {
       case TABLE_ONLINE: {
         TableOperation tableOp = TableOperation.ONLINE;
         final String tableId = validateTableIdArgument(arguments.get(0), tableOp, Tables.NOT_ROOT_ID);
+        String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
 
-        if (!master.security.canOnlineOfflineTable(c, tableId, op))
+        if (!master.security.canOnlineOfflineTable(c, tableId, op, namespaceId))
           throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
         master.fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, tableOp)), autoCleanup);
@@ -227,8 +237,9 @@ class FateServiceHandler implements FateService.Iface {
       case TABLE_OFFLINE: {
         TableOperation tableOp = TableOperation.OFFLINE;
         final String tableId = validateTableIdArgument(arguments.get(0), tableOp, Tables.NOT_ROOT_ID);
+        String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
 
-        if (!master.security.canOnlineOfflineTable(c, tableId, op))
+        if (!master.security.canOnlineOfflineTable(c, tableId, op, namespaceId))
           throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
         master.fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, tableOp)), autoCleanup);
@@ -241,7 +252,9 @@ class FateServiceHandler implements FateService.Iface {
         Text endRow = ByteBufferUtil.toText(arguments.get(2));
 
         final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
-        if (!master.security.canMerge(c, tableId))
+        String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+        if (!master.security.canMerge(c, tableId, namespaceId))
           throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
         Master.log.debug("Creating merge op: " + tableId + " " + startRow + " " + endRow);
@@ -255,7 +268,9 @@ class FateServiceHandler implements FateService.Iface {
         Text endRow = ByteBufferUtil.toText(arguments.get(2));
 
         final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
-        if (!master.security.canDeleteRange(c, tableId, tableName, startRow, endRow))
+        String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+        if (!master.security.canDeleteRange(c, tableId, tableName, startRow, endRow, namespaceId))
           throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
         master.fate.seedTransaction(opid, new TraceRepo<Master>(new TableRangeOp(MergeInfo.Operation.DELETE, tableId, startRow, endRow)), autoCleanup);
@@ -269,7 +284,9 @@ class FateServiceHandler implements FateService.Iface {
         boolean setTime = Boolean.parseBoolean(ByteBufferUtil.toString(arguments.get(3)));
 
         final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
-        if (!master.security.canBulkImport(c, tableId, tableName, dir, failDir))
+        String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+        
+        if (!master.security.canBulkImport(c, tableId, tableName, dir, failDir, namespaceId))
           throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
         master.fate.seedTransaction(opid, new TraceRepo<Master>(new BulkImport(tableId, dir, failDir, setTime)), autoCleanup);
@@ -281,8 +298,9 @@ class FateServiceHandler implements FateService.Iface {
         byte[] startRow = ByteBufferUtil.toBytes(arguments.get(1));
         byte[] endRow = ByteBufferUtil.toBytes(arguments.get(2));
         List<IteratorSetting> iterators = IteratorUtil.decodeIteratorSettings(ByteBufferUtil.toBytes(arguments.get(3)));
+        String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
 
-        if (!master.security.canCompact(c, tableId))
+        if (!master.security.canCompact(c, tableId, namespaceId))
           throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
         master.fate.seedTransaction(opid, new TraceRepo<Master>(new CompactRange(tableId, startRow, endRow, iterators)), autoCleanup);
@@ -291,8 +309,9 @@ class FateServiceHandler implements FateService.Iface {
       case TABLE_CANCEL_COMPACT: {
         TableOperation tableOp = TableOperation.COMPACT_CANCEL;
         String tableId = validateTableIdArgument(arguments.get(0), tableOp, null);
+        String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
 
-        if (!master.security.canCompact(c, tableId))
+        if (!master.security.canCompact(c, tableId, namespaceId))
           throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
         master.fate.seedTransaction(opid, new TraceRepo<Master>(new CancelCompactions(tableId)), autoCleanup);
@@ -302,15 +321,17 @@ class FateServiceHandler implements FateService.Iface {
         TableOperation tableOp = TableOperation.IMPORT;
         String tableName = validateTableNameArgument(arguments.get(0), tableOp, Tables.NOT_SYSTEM);
         String exportDir = ByteBufferUtil.toString(arguments.get(1));
-
-        if (!master.security.canImport(c, tableName, exportDir))
-          throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
-
+        String namespaceId;
         try {
-          master.fate.seedTransaction(opid, new TraceRepo<Master>(new ImportTable(c.getPrincipal(), tableName, exportDir)), autoCleanup);
+          namespaceId = Namespaces.getNamespaceId(master.getInstance(), Tables.qualify(tableName).getFirst());
         } catch (NamespaceNotFoundException e) {
           throw new ThriftTableOperationException(null, tableName, tableOp, TableOperationExceptionType.NAMESPACE_NOTFOUND, "");
         }
+
+        if (!master.security.canImport(c, tableName, exportDir, namespaceId))
+          throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
+
+        master.fate.seedTransaction(opid, new TraceRepo<Master>(new ImportTable(c.getPrincipal(), tableName, exportDir, namespaceId)), autoCleanup);
         break;
       }
       case TABLE_EXPORT: {
@@ -319,7 +340,9 @@ class FateServiceHandler implements FateService.Iface {
         String exportDir = ByteBufferUtil.toString(arguments.get(1));
 
         String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
-        if (!master.security.canExport(c, tableId, tableName, exportDir))
+        String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+        
+        if (!master.security.canExport(c, tableId, tableName, exportDir, namespaceId))
           throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
         master.fate.seedTransaction(opid, new TraceRepo<Master>(new ExportTable(tableName, tableId, exportDir)), autoCleanup);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/Master.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/Master.java b/server/master/src/main/java/org/apache/accumulo/master/Master.java
index 86a35cd..60881a5 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/Master.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/Master.java
@@ -289,7 +289,7 @@ public class Master implements LiveTServerSet.Listener, TableObserver, CurrentSt
             NodeExistsPolicy.SKIP);
         Initialize.initMetadataConfig(RootTable.ID);
         // ensure root user can flush root table
-        security.grantTablePermission(SystemCredentials.get().toThrift(instance), security.getRootUsername(), RootTable.ID, TablePermission.ALTER_TABLE);
+        security.grantTablePermission(SystemCredentials.get().toThrift(instance), security.getRootUsername(), RootTable.ID, TablePermission.ALTER_TABLE, Namespaces.ACCUMULO_NAMESPACE_ID);
 
         // put existing tables in the correct namespaces
         String tables = ZooUtil.getRoot(instance) + Constants.ZTABLES;

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java b/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
index 3a39f5c..e9914ab 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
@@ -28,6 +28,7 @@ import org.apache.accumulo.core.Constants;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.client.Instance;
 import org.apache.accumulo.core.client.IsolatedScanner;
 import org.apache.accumulo.core.client.RowIterator;
 import org.apache.accumulo.core.client.Scanner;
@@ -90,14 +91,17 @@ import org.apache.zookeeper.KeeperException.NoNodeException;
 class MasterClientServiceHandler extends FateServiceHandler implements MasterClientService.Iface {
 
   private static final Logger log = Master.log;
+  private Instance instance;
 
   MasterClientServiceHandler(Master master) {
     super(master);
+    this.instance = master.getInstance();
   }
 
   @Override
   public long initiateFlush(TInfo tinfo, TCredentials c, String tableId) throws ThriftSecurityException, ThriftTableOperationException {
-    master.security.canFlush(c, tableId);
+    String namespaceId = Tables.getNamespace(instance, tableId);
+    master.security.canFlush(c, tableId, namespaceId);
 
     String zTablePath = Constants.ZROOT + "/" + master.getConfiguration().getInstance().getInstanceID() + Constants.ZTABLES + "/" + tableId
         + Constants.ZTABLE_FLUSH_ID;
@@ -125,7 +129,8 @@ class MasterClientServiceHandler extends FateServiceHandler implements MasterCli
   @Override
   public void waitForFlush(TInfo tinfo, TCredentials c, String tableId, ByteBuffer startRow, ByteBuffer endRow, long flushID, long maxLoops)
       throws ThriftSecurityException, ThriftTableOperationException {
-    master.security.canFlush(c, tableId);
+    String namespaceId = Tables.getNamespace(instance, tableId);
+    master.security.canFlush(c, tableId, namespaceId);
 
     if (endRow != null && startRow != null && ByteBufferUtil.toText(startRow).compareTo(ByteBufferUtil.toText(endRow)) >= 0)
       throw new ThriftTableOperationException(tableId, null, TableOperation.FLUSH, TableOperationExceptionType.BAD_RANGE, "start row must be less than end row");
@@ -430,7 +435,8 @@ class MasterClientServiceHandler extends FateServiceHandler implements MasterCli
   private void alterTableProperty(TCredentials c, String tableName, String property, String value, TableOperation op) throws ThriftSecurityException,
       ThriftTableOperationException {
     final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, op);
-    if (!master.security.canAlterTable(c, tableId))
+    String namespaceId = Tables.getNamespace(master.getInstance(), tableId); 
+    if (!master.security.canAlterTable(c, tableId, namespaceId))
       throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
     try {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
index cba1492..bfaab82 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
@@ -202,7 +202,7 @@ class ClonePermissions extends MasterRepo {
     for (TablePermission permission : TablePermission.values()) {
       try {
         AuditedSecurityOperation.getInstance().grantTablePermission(SystemCredentials.get().toThrift(environment.getInstance()), cloneInfo.user,
-            cloneInfo.tableId, permission);
+            cloneInfo.tableId, permission, cloneInfo.namespaceId);
       } catch (ThriftSecurityException e) {
         Logger.getLogger(FinishCloneTable.class).error(e.getMessage(), e);
         throw e;
@@ -222,7 +222,7 @@ class ClonePermissions extends MasterRepo {
 
   @Override
   public void undo(long tid, Master environment) throws Exception {
-    AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(environment.getInstance()), cloneInfo.tableId);
+    AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(environment.getInstance()), cloneInfo.tableId, cloneInfo.namespaceId);
   }
 }
 

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
index 33ee878..5b64053 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
@@ -251,7 +251,7 @@ class SetupPermissions extends MasterRepo {
     SecurityOperation security = AuditedSecurityOperation.getInstance();
     for (TablePermission permission : TablePermission.values()) {
       try {
-        security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission);
+        security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission, tableInfo.namespaceId);
       } catch (ThriftSecurityException e) {
         Logger.getLogger(FinishCreateTable.class).error(e.getMessage(), e);
         throw e;
@@ -266,7 +266,7 @@ class SetupPermissions extends MasterRepo {
 
   @Override
   public void undo(long tid, Master env) throws Exception {
-    AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId);
+    AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId, tableInfo.namespaceId);
   }
 
 }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
index 166ec89..64c1d99 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
@@ -204,7 +204,7 @@ class CleanUp extends MasterRepo {
     
     // remove any permissions associated with this table
     try {
-      AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(master.getInstance()), tableId);
+      AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(master.getInstance()), tableId, namespaceId);
     } catch (ThriftSecurityException e) {
       log.error(e.getMessage(), e);
     }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
index 9f35628..ddf1598 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
@@ -34,7 +34,6 @@ import org.apache.accumulo.core.Constants;
 import org.apache.accumulo.core.client.BatchWriter;
 import org.apache.accumulo.core.client.BatchWriterConfig;
 import org.apache.accumulo.core.client.Instance;
-import org.apache.accumulo.core.client.NamespaceNotFoundException;
 import org.apache.accumulo.core.client.admin.TableOperationsImpl;
 import org.apache.accumulo.core.client.impl.Namespaces;
 import org.apache.accumulo.core.client.impl.Tables;
@@ -495,7 +494,7 @@ class ImportSetupPermissions extends MasterRepo {
     SecurityOperation security = AuditedSecurityOperation.getInstance();
     for (TablePermission permission : TablePermission.values()) {
       try {
-        security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission);
+        security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission, tableInfo.namespaceId);
       } catch (ThriftSecurityException e) {
         Logger.getLogger(ImportSetupPermissions.class).error(e.getMessage(), e);
         throw e;
@@ -510,7 +509,7 @@ class ImportSetupPermissions extends MasterRepo {
 
   @Override
   public void undo(long tid, Master env) throws Exception {
-    AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId);
+    AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId, tableInfo.namespaceId);
   }
 }
 
@@ -519,13 +518,12 @@ public class ImportTable extends MasterRepo {
 
   private ImportedTableInfo tableInfo;
 
-  public ImportTable(String user, String tableName, String exportDir) throws NamespaceNotFoundException {
+  public ImportTable(String user, String tableName, String exportDir, String namespaceId) {
     tableInfo = new ImportedTableInfo();
     tableInfo.tableName = tableName;
     tableInfo.user = user;
     tableInfo.exportDir = exportDir;
-    Instance inst = HdfsZooInstance.getInstance();
-    tableInfo.namespaceId = Namespaces.getNamespaceId(inst, Tables.qualify(tableName).getFirst());
+    tableInfo.namespaceId = namespaceId;
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
----------------------------------------------------------------------
diff --git a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
index 7fdc9b2..b5a8b2a 100644
--- a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
+++ b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
@@ -67,6 +67,7 @@ import org.apache.accumulo.core.client.Instance;
 import org.apache.accumulo.core.client.impl.CompressedIterators;
 import org.apache.accumulo.core.client.impl.CompressedIterators.IterConfig;
 import org.apache.accumulo.core.client.impl.ScannerImpl;
+import org.apache.accumulo.core.client.impl.Tables;
 import org.apache.accumulo.core.client.impl.TabletType;
 import org.apache.accumulo.core.client.impl.Translator;
 import org.apache.accumulo.core.client.impl.Translator.TKeyExtentTranslator;
@@ -1181,7 +1182,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
         List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations, boolean waitForWrites, boolean isolated,
         long readaheadThreshold) throws NotServingTabletException, ThriftSecurityException, org.apache.accumulo.core.tabletserver.thrift.TooManyFilesException {
 
-      if (!security.canScan(credentials, new String(textent.getTable()), range, columns, ssiList, ssio, authorizations))
+      String tableId = new String(textent.getTable());
+      if (!security.canScan(credentials, tableId, Tables.getNamespace(instance, tableId), range, columns, ssiList, ssio, authorizations))
         throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
       if (!security.userHasAuthorizations(credentials, authorizations))
@@ -1338,8 +1340,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
         throw new IllegalArgumentException("Cannot batch scan over multiple tables");
 
       // check if user has permission to the tables
-      for (String table : tables)
-        if (!security.canScan(credentials, table, tbatch, tcolumns, ssiList, ssio, authorizations))
+      for (String tableId : tables)
+        if (!security.canScan(credentials, tableId, Tables.getNamespace(instance, tableId), tbatch, tcolumns, ssiList, ssio, authorizations))
           throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
       try {
@@ -1475,7 +1477,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
         // if user has no permission to write to this table, add it to
         // the failures list
         boolean sameTable = us.currentTablet != null && (us.currentTablet.getExtent().getTableId().equals(keyExtent.getTableId()));
-        if (sameTable || security.canWrite(us.credentials, keyExtent.getTableId().toString())) {
+        String tableId = keyExtent.getTableId().toString();
+        if (sameTable || security.canWrite(us.credentials, tableId, Tables.getNamespace(instance, tableId))) {
           long t2 = System.currentTimeMillis();
           us.authTimes.addStat(t2 - t1);
           us.currentTablet = onlineTablets.get(keyExtent);
@@ -1739,7 +1742,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
     public void update(TInfo tinfo, TCredentials credentials, TKeyExtent tkeyExtent, TMutation tmutation) throws NotServingTabletException,
         ConstraintViolationException, ThriftSecurityException {
 
-      if (!security.canWrite(credentials, new String(tkeyExtent.getTable())))
+      String tableId = new String(tkeyExtent.getTable());
+      if (!security.canWrite(credentials, tableId, Tables.getNamespace(instance, tableId)))
         throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       KeyExtent keyExtent = new KeyExtent(tkeyExtent);
       Tablet tablet = onlineTablets.get(new KeyExtent(keyExtent));
@@ -1997,11 +2001,11 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
     }
 
     @Override
-    public TConditionalSession startConditionalUpdate(TInfo tinfo, TCredentials credentials, List<ByteBuffer> authorizations, String tableID)
+    public TConditionalSession startConditionalUpdate(TInfo tinfo, TCredentials credentials, List<ByteBuffer> authorizations, String tableId)
         throws ThriftSecurityException, TException {
 
       Authorizations userauths = null;
-      if (!security.canConditionallyUpdate(credentials, tableID, authorizations))
+      if (!security.canConditionallyUpdate(credentials, tableId, Tables.getNamespace(instance, tableId), authorizations))
         throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
       userauths = security.getUserAuthorizations(credentials);
@@ -2012,7 +2016,7 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
       ConditionalSession cs = new ConditionalSession();
       cs.auths = new Authorizations(authorizations);
       cs.credentials = credentials;
-      cs.tableId = tableID;
+      cs.tableId = tableId;
       cs.interruptFlag = new AtomicBoolean();
 
       long sid = sessionManager.createSession(cs, false);
@@ -2083,7 +2087,9 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
         ThriftSecurityException {
 
       String tableId = new String(ByteBufferUtil.toBytes(tkeyExtent.table));
-      if (!security.canSplitTablet(credentials, tableId))
+      String namespaceId = Tables.getNamespace(instance, tableId);
+      
+      if (!security.canSplitTablet(credentials, tableId, namespaceId))
         throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
       KeyExtent keyExtent = new KeyExtent(tkeyExtent);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
index b2c4c87..a879361 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
@@ -35,9 +35,10 @@ public class AlterTable extends Test {
     Connector conn = state.getInstance().getConnector(WalkingSecurity.get(state).getSysUserName(), WalkingSecurity.get(state).getSysToken());
     
     String tableName = WalkingSecurity.get(state).getTableName();
+    String namespaceName = WalkingSecurity.get(state).getNamespaceName();
     
     boolean exists = WalkingSecurity.get(state).getTableExists();
-    boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysCredentials(), tableName);
+    boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysCredentials(), tableName, namespaceName);
     String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), state.getPid(),
         System.currentTimeMillis());
     

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
index bad7b28..335ae31 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
@@ -76,7 +76,7 @@ public class AlterTablePerm extends Test {
     Connector conn = state.getInstance().getConnector(sourceUser, sourceToken);
     
     canGive = WalkingSecurity.get(state).canGrantTable(new Credentials(sourceUser, sourceToken).toThrift(state.getInstance()), target,
-        WalkingSecurity.get(state).getTableName());
+        WalkingSecurity.get(state).getTableName(), WalkingSecurity.get(state).getNamespaceName());
     
     // toggle
     if (!"take".equals(action) && !"give".equals(action)) {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
index 52b6e25..cfcc270 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
@@ -50,9 +50,10 @@ public class DropTable extends Test {
     Connector conn = state.getInstance().getConnector(principal, token);
     
     String tableName = WalkingSecurity.get(state).getTableName();
+    String namespaceName = WalkingSecurity.get(state).getNamespaceName();
     
     boolean exists = WalkingSecurity.get(state).getTableExists();
-    boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(new Credentials(principal, token).toThrift(state.getInstance()), tableName);
+    boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(new Credentials(principal, token).toThrift(state.getInstance()), tableName, namespaceName);
     
     try {
       conn.tableOperations().delete(tableName);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
index 4016c12..8841355 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
@@ -31,7 +31,7 @@ public class SecurityFixture extends Fixture {
   
   @Override
   public void setUp(State state) throws Exception {
-    String secTableName, systemUserName, tableUserName;
+    String secTableName, systemUserName, tableUserName, secNamespaceName;
     Connector conn = state.getConnector();
     
     String hostname = InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_");
@@ -39,6 +39,7 @@ public class SecurityFixture extends Fixture {
     systemUserName = String.format("system_%s", hostname);
     tableUserName = String.format("table_%s", hostname);
     secTableName = String.format("security_%s", hostname);
+    secNamespaceName = String.format("securityNs_%s", hostname);
     
     if (conn.tableOperations().exists(secTableName))
       conn.tableOperations().delete(secTableName);
@@ -52,6 +53,7 @@ public class SecurityFixture extends Fixture {
     conn.securityOperations().createLocalUser(systemUserName, sysUserPass);
     
     WalkingSecurity.get(state).setTableName(secTableName);
+    WalkingSecurity.get(state).setNamespaceName(secNamespaceName);
     state.set("rootUserPass", state.getCredentials().getToken());
     
     WalkingSecurity.get(state).setSysUserName(systemUserName);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
index a636355..5c23743 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
@@ -66,10 +66,11 @@ public class TableOp extends Test {
     
     boolean tableExists = WalkingSecurity.get(state).getTableExists();
     String tableName = WalkingSecurity.get(state).getTableName();
+    String namespaceName = WalkingSecurity.get(state).getNamespaceName();
     
     switch (tp) {
       case READ: {
-        boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableName);
+        boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName);
         Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabCredentials());
         boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
         boolean ambiguousAuths = WalkingSecurity.get(state).ambiguousAuthorizations(conn.whoami());
@@ -140,7 +141,7 @@ public class TableOp extends Test {
         break;
       }
       case WRITE:
-        boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabCredentials(), tableName);
+        boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName);
         boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
         
         String key = WalkingSecurity.get(state).getLastKey() + "1";
@@ -214,7 +215,7 @@ public class TableOp extends Test {
           return;
         } catch (AccumuloSecurityException ae) {
           if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
-            if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName))
+            if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName))
               throw new AccumuloException("Bulk Import failed when it should have worked: " + tableName);
             return;
           } else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
@@ -228,12 +229,12 @@ public class TableOp extends Test {
         fs.delete(dir, true);
         fs.delete(fail, true);
         
-        if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName))
+        if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName))
           throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
         break;
       case ALTER_TABLE:
         AlterTable.renameTable(conn, state, tableName, tableName + "plus",
-            WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabCredentials(), tableName), tableExists);
+            WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName), tableExists);
         break;
       
       case GRANT:

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
index b3e693c..37bb364 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
@@ -56,6 +56,7 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au
   protected final static Logger log = Logger.getLogger(WalkingSecurity.class);
 
   private static final String tableName = "SecurityTableName";
+  private static final String namespaceName = "SecurityNamespaceName";
   private static final String userName = "UserName";
 
   private static final String userPass = "UserPass";
@@ -335,6 +336,10 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au
     return state.getString(tableName);
   }
 
+  public String getNamespaceName() {
+    return state.getString(namespaceName);
+  }
+
   public boolean getTableExists() {
     return Boolean.parseBoolean(state.getString(tableExists));
   }
@@ -387,6 +392,10 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au
     state.set(tableName, tName);
   }
 
+  public void setNamespaceName(String nsName) {
+    state.set(namespaceName, nsName);
+  }
+
   @Override
   public void initTable(String table) throws AccumuloSecurityException {
     state.set(tableExists, Boolean.toString(true));

http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java b/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
index 70b639a..3f98c12 100644
--- a/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
@@ -106,7 +106,7 @@ public class ConditionalWriterIT extends SimpleMacIT {
     conn.tableOperations().create(tableName);
 
     ConditionalWriter cw = conn.createConditionalWriter(tableName, new ConditionalWriterConfig());
-
+    
     // mutation conditional on column tx:seq not existing
     ConditionalMutation cm0 = new ConditionalMutation("99006", new Condition("tx", "seq"));
     cm0.put("name", "last", "doe");


Mime
View raw message