accumulo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <>
Subject Re: 1.6.0: Namespace.CREATE_TABLE not enforced?
Date Sat, 16 Aug 2014 00:51:10 GMT
Looking at this, I'm guessing that System.CREATE_TABLE is overriding any 
permissions on the namespace 'foo'.

Because 'user' has the ability to create tables at the System level, I'm 
guessing it trumps the lack of CREATE_TABLE for user on that namespace.

Disclaimer: I haven't looked at the code to back up that guess.

On 8/15/14, 8:35 PM, Matthew Dailey wrote:
>  From a clean Accumulo 1.6.0 install, I created a new user, gave them
> System.CREATE_TABLE, and created a new namespace, but did not give that
> user any permissions to that namespace.  However, I was then able to
> create a table under that namespace as the new user.
> Is there some default openness for namespaces?  My use case is having a
> user able to make sandbox tables within their own personal namespace.
> Thanks,
> Matt
> P.S.  Command dump follows:
> root@accumulo> createuser user
> root@accumulo> grant -u user -s System.CREATE_TABLE
> root@accumulo> createnamespace foo
> root@accumulo> user user
> user@accumulo> createtable
> user@accumulo> insert a b c d
> user@accumulo> scan
> a b:c []    d
> user@accumulo> userpermissions
> System permissions: System.CREATE_TABLE
> Namespace permissions (accumulo): Namespace.READ
> Table permissions (accumulo.metadata): Table.READ
> Table permissions (accumulo.root): Table.READ
> Table permissions ( Table.READ, Table.WRITE, Table.BULK_IMPORT,
> user@accumulo>

View raw message