hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ssrungar...@apache.org
Subject [2/3] hbase git commit: HBASE-13658 Improve the test run time for TestAccessController class
Date Thu, 04 Jun 2015 14:11:02 GMT
http://git-wip-us.apache.org/repos/asf/hbase/blob/205ed40f/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index a9dd52d..8996677 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -45,7 +45,6 @@ import org.apache.hadoop.hbase.HRegionInfo;
 import org.apache.hadoop.hbase.HRegionLocation;
 import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.KeyValue;
-import org.apache.hadoop.hbase.testclassification.LargeTests;
 import org.apache.hadoop.hbase.MiniHBaseCluster;
 import org.apache.hadoop.hbase.NamespaceDescriptor;
 import org.apache.hadoop.hbase.ServerName;
@@ -103,16 +102,13 @@ import org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost;
 import org.apache.hadoop.hbase.regionserver.ScanType;
 import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.security.access.Permission.Action;
+import org.apache.hadoop.hbase.testclassification.LargeTests;
 import org.apache.hadoop.hbase.util.Bytes;
 import org.apache.hadoop.hbase.util.JVMClusterUtil;
-import org.apache.hadoop.hbase.util.TestTableName;
 import org.apache.log4j.Level;
 import org.apache.log4j.Logger;
-import org.junit.After;
 import org.junit.AfterClass;
-import org.junit.Before;
 import org.junit.BeforeClass;
-import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
@@ -136,7 +132,7 @@ public class TestAccessController extends SecureTestUtil {
     Logger.getLogger(TableAuthManager.class).setLevel(Level.TRACE);
   }
 
-  @Rule public TestTableName TEST_TABLE = new TestTableName();
+  private static TableName TEST_TABLE = TableName.valueOf("testtable1");
   private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
   private static Configuration conf;
 
@@ -175,7 +171,7 @@ public class TestAccessController extends SecureTestUtil {
   private static MasterCoprocessorEnvironment CP_ENV;
   private static AccessController ACCESS_CONTROLLER;
   private static RegionServerCoprocessorEnvironment RSCP_ENV;
-  private RegionCoprocessorEnvironment RCP_ENV;
+  private static RegionCoprocessorEnvironment RCP_ENV;
 
   @BeforeClass
   public static void setupBeforeClass() throws Exception {
@@ -218,25 +214,24 @@ public class TestAccessController extends SecureTestUtil {
     USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new String[0]);
 
     systemUserConnection = TEST_UTIL.getConnection();
+    setUpTableAndUserPermissions();
   }
 
   @AfterClass
   public static void tearDownAfterClass() throws Exception {
+    cleanUp();
     TEST_UTIL.shutdownMiniCluster();
   }
 
-  @Before
-  public void setUp() throws Exception {
-    // Create the test table (owner added to the _acl_ table)
-    Admin admin = TEST_UTIL.getHBaseAdmin();
-    HTableDescriptor htd = new HTableDescriptor(TEST_TABLE.getTableName());
+  private static void setUpTableAndUserPermissions() throws Exception {
+    HTableDescriptor htd = new HTableDescriptor(TEST_TABLE);
     HColumnDescriptor hcd = new HColumnDescriptor(TEST_FAMILY);
     hcd.setMaxVersions(100);
     htd.addFamily(hcd);
     htd.setOwner(USER_OWNER);
     createTable(TEST_UTIL, htd, new byte[][] { Bytes.toBytes("s") });
 
-    Region region = TEST_UTIL.getHBaseCluster().getRegions(TEST_TABLE.getTableName()).get(0);
+    Region region = TEST_UTIL.getHBaseCluster().getRegions(TEST_TABLE).get(0);
     RegionCoprocessorHost rcpHost = region.getCoprocessorHost();
     RCP_ENV = rcpHost.createEnvironment(AccessController.class, ACCESS_CONTROLLER,
       Coprocessor.PRIORITY_HIGHEST, 1, conf);
@@ -250,26 +245,26 @@ public class TestAccessController extends SecureTestUtil {
       Permission.Action.WRITE);
 
     grantOnTable(TEST_UTIL, USER_RW.getShortName(),
-      TEST_TABLE.getTableName(), TEST_FAMILY, null,
+      TEST_TABLE, TEST_FAMILY, null,
       Permission.Action.READ,
       Permission.Action.WRITE);
 
     // USER_CREATE is USER_RW plus CREATE permissions
     grantOnTable(TEST_UTIL, USER_CREATE.getShortName(),
-      TEST_TABLE.getTableName(), null, null,
+      TEST_TABLE, null, null,
       Permission.Action.CREATE,
       Permission.Action.READ,
       Permission.Action.WRITE);
 
     grantOnTable(TEST_UTIL, USER_RO.getShortName(),
-      TEST_TABLE.getTableName(), TEST_FAMILY, null,
+      TEST_TABLE, TEST_FAMILY, null,
       Permission.Action.READ);
 
     grantOnTable(TEST_UTIL, USER_ADMIN_CF.getShortName(),
-      TEST_TABLE.getTableName(), TEST_FAMILY,
+      TEST_TABLE, TEST_FAMILY,
       null, Permission.Action.ADMIN, Permission.Action.CREATE);
 
-    assertEquals(5, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size());
+    assertEquals(5, AccessControlLists.getTablePermissions(conf, TEST_TABLE).size());
     try {
       assertEquals(5, AccessControlClient.getUserPermissions(systemUserConnection,
           TEST_TABLE.toString()).size());
@@ -278,21 +273,20 @@ public class TestAccessController extends SecureTestUtil {
     }
   }
 
-  @After
-  public void tearDown() throws Exception {
+  private static void cleanUp() throws Exception {
     // Clean the _acl_ table
     try {
-      deleteTable(TEST_UTIL, TEST_TABLE.getTableName());
+      deleteTable(TEST_UTIL, TEST_TABLE);
     } catch (TableNotFoundException ex) {
       // Test deleted the table, no problem
-      LOG.info("Test deleted table " + TEST_TABLE.getTableName());
+      LOG.info("Test deleted table " + TEST_TABLE);
     }
     // Verify all table/namespace permissions are erased
-    assertEquals(0, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size());
+    assertEquals(0, AccessControlLists.getTablePermissions(conf, TEST_TABLE).size());
     assertEquals(
       0,
       AccessControlLists.getNamespacePermissions(conf,
-        TEST_TABLE.getTableName().getNamespaceAsString()).size());
+        TEST_TABLE.getNamespaceAsString()).size());
   }
 
   @Test
@@ -319,11 +313,11 @@ public class TestAccessController extends SecureTestUtil {
     AccessTestAction modifyTable = new AccessTestAction() {
       @Override
       public Object run() throws Exception {
-        HTableDescriptor htd = new HTableDescriptor(TEST_TABLE.getTableName());
+        HTableDescriptor htd = new HTableDescriptor(TEST_TABLE);
         htd.addFamily(new HColumnDescriptor(TEST_FAMILY));
         htd.addFamily(new HColumnDescriptor("fam_" + User.getCurrent().getShortName()));
         ACCESS_CONTROLLER.preModifyTable(ObserverContext.createAndPrepare(CP_ENV, null),
-          TEST_TABLE.getTableName(), htd);
+          TEST_TABLE, htd);
         return null;
       }
     };
@@ -338,7 +332,7 @@ public class TestAccessController extends SecureTestUtil {
       @Override
       public Object run() throws Exception {
         ACCESS_CONTROLLER
-            .preDeleteTable(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE.getTableName());
+            .preDeleteTable(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE);
         return null;
       }
     };
@@ -354,7 +348,7 @@ public class TestAccessController extends SecureTestUtil {
       public Object run() throws Exception {
         ACCESS_CONTROLLER
             .preTruncateTable(ObserverContext.createAndPrepare(CP_ENV, null),
-              TEST_TABLE.getTableName());
+              TEST_TABLE);
         return null;
       }
     };
@@ -369,7 +363,7 @@ public class TestAccessController extends SecureTestUtil {
     AccessTestAction action = new AccessTestAction() {
       @Override
       public Object run() throws Exception {
-        ACCESS_CONTROLLER.preAddColumn(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE.getTableName(),
+        ACCESS_CONTROLLER.preAddColumn(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE,
           hcd);
         return null;
       }
@@ -387,7 +381,7 @@ public class TestAccessController extends SecureTestUtil {
       @Override
       public Object run() throws Exception {
         ACCESS_CONTROLLER.preModifyColumn(ObserverContext.createAndPrepare(CP_ENV, null),
-          TEST_TABLE.getTableName(), hcd);
+          TEST_TABLE, hcd);
         return null;
       }
     };
@@ -402,7 +396,7 @@ public class TestAccessController extends SecureTestUtil {
       @Override
       public Object run() throws Exception {
         ACCESS_CONTROLLER.preDeleteColumn(ObserverContext.createAndPrepare(CP_ENV, null),
-          TEST_TABLE.getTableName(), TEST_FAMILY);
+          TEST_TABLE, TEST_FAMILY);
         return null;
       }
     };
@@ -417,7 +411,7 @@ public class TestAccessController extends SecureTestUtil {
       @Override
       public Object run() throws Exception {
         ACCESS_CONTROLLER.preDisableTable(ObserverContext.createAndPrepare(CP_ENV, null),
-          TEST_TABLE.getTableName());
+          TEST_TABLE);
         return null;
       }
     };
@@ -444,7 +438,7 @@ public class TestAccessController extends SecureTestUtil {
       @Override
       public Object run() throws Exception {
         ACCESS_CONTROLLER
-            .preEnableTable(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE.getTableName());
+            .preEnableTable(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE);
         return null;
       }
     };
@@ -456,7 +450,7 @@ public class TestAccessController extends SecureTestUtil {
   @Test
   public void testMove() throws Exception {
     List<HRegionLocation> regions;
-    try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) {
+    try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE)) {
       regions = locator.getAllRegionLocations();
     }
     HRegionLocation location = regions.get(0);
@@ -478,7 +472,7 @@ public class TestAccessController extends SecureTestUtil {
   @Test
   public void testAssign() throws Exception {
     List<HRegionLocation> regions;
-    try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) {
+    try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE)) {
       regions = locator.getAllRegionLocations();
     }
     HRegionLocation location = regions.get(0);
@@ -498,7 +492,7 @@ public class TestAccessController extends SecureTestUtil {
   @Test
   public void testUnassign() throws Exception {
     List<HRegionLocation> regions;
-    try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) {
+    try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE)) {
       regions = locator.getAllRegionLocations();
     }
     HRegionLocation location = regions.get(0);
@@ -518,7 +512,7 @@ public class TestAccessController extends SecureTestUtil {
   @Test
   public void testRegionOffline() throws Exception {
     List<HRegionLocation> regions;
-    try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) {
+    try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE)) {
       regions = locator.getAllRegionLocations();
     }
     HRegionLocation location = regions.get(0);
@@ -628,21 +622,25 @@ public class TestAccessController extends SecureTestUtil {
 
   @Test
   public void testMergeRegions() throws Exception {
-    final List<HRegion> regions = TEST_UTIL.getHBaseCluster().findRegionsForTable(TEST_TABLE.getTableName());
-    assertTrue("not enough regions: " + regions.size(), regions.size() >= 2);
-
-    AccessTestAction action = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        ACCESS_CONTROLLER.preMerge(
-            ObserverContext.createAndPrepare(RSCP_ENV, null),
-            regions.get(0),regions.get(1));
-        return null;
-      }
-    };
+    final TableName tname = TableName.valueOf("testMergeRegions");
+    createTestTable(tname);
+    try {
+      final List<HRegion> regions = TEST_UTIL.getHBaseCluster().findRegionsForTable(tname);
+      assertTrue("not enough regions: " + regions.size(), regions.size() >= 2);
+      AccessTestAction action = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          ACCESS_CONTROLLER.preMerge(ObserverContext.createAndPrepare(RSCP_ENV, null),
+            regions.get(0), regions.get(1));
+          return null;
+        }
+      };
 
-    verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
-    verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
+      verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
+      verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
+    } finally {
+      TEST_UTIL.deleteTable(tname);
+    }
   }
 
   @Test
@@ -693,7 +691,7 @@ public class TestAccessController extends SecureTestUtil {
         Get g = new Get(TEST_ROW);
         g.addFamily(TEST_FAMILY);
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName())) {
+            Table t = conn.getTable(TEST_TABLE)) {
           t.get(g);
         }
         return null;
@@ -709,7 +707,7 @@ public class TestAccessController extends SecureTestUtil {
         s.addFamily(TEST_FAMILY);
 
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName())) {
+            Table t = conn.getTable(TEST_TABLE)) {
           ResultScanner scanner = t.getScanner(s);
           try {
             for (Result r = scanner.next(); r != null; r = scanner.next()) {
@@ -736,7 +734,7 @@ public class TestAccessController extends SecureTestUtil {
         Put p = new Put(TEST_ROW);
         p.add(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1));
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName())) {
+            Table t = conn.getTable(TEST_TABLE)) {
           t.put(p);
         }
         return null;
@@ -751,7 +749,7 @@ public class TestAccessController extends SecureTestUtil {
         Delete d = new Delete(TEST_ROW);
         d.deleteFamily(TEST_FAMILY);
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName())) {
+            Table t = conn.getTable(TEST_TABLE)) {
           t.delete(d);
         }
         return null;
@@ -766,7 +764,7 @@ public class TestAccessController extends SecureTestUtil {
         Increment inc = new Increment(TEST_ROW);
         inc.addColumn(TEST_FAMILY, TEST_QUALIFIER, 1);
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName())) {
+            Table t = conn.getTable(TEST_TABLE)) {
           t.increment(inc);
         }
         return null;
@@ -784,7 +782,7 @@ public class TestAccessController extends SecureTestUtil {
         Delete d = new Delete(TEST_ROW);
         d.deleteFamily(TEST_FAMILY);
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName())) {
+            Table t = conn.getTable(TEST_TABLE)) {
           t.checkAndDelete(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER,
               Bytes.toBytes("test_value"), d);
         }
@@ -800,7 +798,7 @@ public class TestAccessController extends SecureTestUtil {
         Put p = new Put(TEST_ROW);
         p.add(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1));
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName())) {
+            Table t = conn.getTable(TEST_TABLE)) {
           t.checkAndPut(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER,
               Bytes.toBytes("test_value"), p);
         }
@@ -812,37 +810,39 @@ public class TestAccessController extends SecureTestUtil {
 
   @Test
   public void testBulkLoad() throws Exception {
-    FileSystem fs = TEST_UTIL.getTestFileSystem();
-    final Path dir = TEST_UTIL.getDataTestDirOnTestFS("testBulkLoad");
-    fs.mkdirs(dir);
-    //need to make it globally writable
-    //so users creating HFiles have write permissions
-    fs.setPermission(dir, FsPermission.valueOf("-rwxrwxrwx"));
-
-    AccessTestAction bulkLoadAction = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        int numRows = 3;
+    try {
+      FileSystem fs = TEST_UTIL.getTestFileSystem();
+      final Path dir = TEST_UTIL.getDataTestDirOnTestFS("testBulkLoad");
+      fs.mkdirs(dir);
+      // need to make it globally writable
+      // so users creating HFiles have write permissions
+      fs.setPermission(dir, FsPermission.valueOf("-rwxrwxrwx"));
+
+      AccessTestAction bulkLoadAction = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          int numRows = 3;
 
-        //Making the assumption that the test table won't split between the range
-        byte[][][] hfileRanges = {{{(byte)0}, {(byte)9}}};
+          // Making the assumption that the test table won't split between the range
+          byte[][][] hfileRanges = { { { (byte) 0 }, { (byte) 9 } } };
 
-        Path bulkLoadBasePath = new Path(dir, new Path(User.getCurrent().getName()));
-        new BulkLoadHelper(bulkLoadBasePath)
-            .bulkLoadHFile(TEST_TABLE.getTableName(), TEST_FAMILY, TEST_QUALIFIER, hfileRanges, numRows);
+          Path bulkLoadBasePath = new Path(dir, new Path(User.getCurrent().getName()));
+          new BulkLoadHelper(bulkLoadBasePath).bulkLoadHFile(TEST_TABLE, TEST_FAMILY,
+            TEST_QUALIFIER, hfileRanges, numRows);
 
-        return null;
-      }
-    };
-
-    // User performing bulk loads must have privilege to read table metadata
-    // (ADMIN or CREATE)
-    verifyAllowed(bulkLoadAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
-    verifyDenied(bulkLoadAction, USER_RW, USER_NONE, USER_RO);
+          return null;
+        }
+      };
 
-    // Reinit after the bulk upload
-    TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE.getTableName());
-    TEST_UTIL.getHBaseAdmin().enableTable(TEST_TABLE.getTableName());
+      // User performing bulk loads must have privilege to read table metadata
+      // (ADMIN or CREATE)
+      verifyAllowed(bulkLoadAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
+      verifyDenied(bulkLoadAction, USER_RW, USER_NONE, USER_RO);
+    } finally {
+      // Reinit after the bulk upload
+      TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE);
+      TEST_UTIL.getHBaseAdmin().enableTable(TEST_TABLE);
+    }
   }
 
   public class BulkLoadHelper {
@@ -933,7 +933,7 @@ public class TestAccessController extends SecureTestUtil {
         Append append = new Append(row);
         append.add(TEST_FAMILY, qualifier, Bytes.toBytes(2));
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName())) {
+            Table t = conn.getTable(TEST_TABLE)) {
           t.put(put);
           t.append(append);
         }
@@ -952,10 +952,10 @@ public class TestAccessController extends SecureTestUtil {
       public Object run() throws Exception {
         try(Connection conn = ConnectionFactory.createConnection(conf);
             Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
-          BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getTableName().getName());
+          BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getName());
           AccessControlService.BlockingInterface protocol =
             AccessControlService.newBlockingStub(service);
-          ProtobufUtil.grant(protocol, USER_RO.getShortName(), TEST_TABLE.getTableName(),
+          ProtobufUtil.grant(protocol, USER_RO.getShortName(), TEST_TABLE,
             TEST_FAMILY, null, Action.READ);
         }
         return null;
@@ -967,11 +967,11 @@ public class TestAccessController extends SecureTestUtil {
       public Object run() throws Exception {
         try(Connection conn = ConnectionFactory.createConnection(conf);
             Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
-          BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getTableName().getName());
+          BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getName());
           AccessControlService.BlockingInterface protocol =
             AccessControlService.newBlockingStub(service);
-          ProtobufUtil.revoke(protocol, USER_RO.getShortName(), TEST_TABLE.getTableName(),
-              TEST_FAMILY, null, Action.READ);
+          ProtobufUtil.revoke(protocol, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null,
+            Action.READ);
         }
         return null;
       }
@@ -982,10 +982,10 @@ public class TestAccessController extends SecureTestUtil {
       public Object run() throws Exception {
         try(Connection conn = ConnectionFactory.createConnection(conf);
             Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
-          BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getTableName().getName());
+          BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getName());
           AccessControlService.BlockingInterface protocol =
             AccessControlService.newBlockingStub(service);
-          ProtobufUtil.getUserPermissions(protocol, TEST_TABLE.getTableName());
+          ProtobufUtil.getUserPermissions(protocol, TEST_TABLE);
         }
         return null;
       }
@@ -1007,16 +1007,21 @@ public class TestAccessController extends SecureTestUtil {
 
     verifyAllowed(grantAction, SUPERUSER, USER_ADMIN, USER_OWNER);
     verifyDenied(grantAction, USER_CREATE, USER_RW, USER_RO, USER_NONE);
+    try {
+      verifyAllowed(revokeAction, SUPERUSER, USER_ADMIN, USER_OWNER);
+      verifyDenied(revokeAction, USER_CREATE, USER_RW, USER_RO, USER_NONE);
 
-    verifyAllowed(revokeAction, SUPERUSER, USER_ADMIN, USER_OWNER);
-    verifyDenied(revokeAction, USER_CREATE, USER_RW, USER_RO, USER_NONE);
-
-    verifyAllowed(getTablePermissionsAction, SUPERUSER, USER_ADMIN, USER_OWNER);
-    verifyDenied(getTablePermissionsAction, USER_CREATE, USER_RW, USER_RO, USER_NONE);
+      verifyAllowed(getTablePermissionsAction, SUPERUSER, USER_ADMIN, USER_OWNER);
+      verifyDenied(getTablePermissionsAction, USER_CREATE, USER_RW, USER_RO, USER_NONE);
 
-    verifyAllowed(getGlobalPermissionsAction, SUPERUSER, USER_ADMIN);
-    verifyDenied(getGlobalPermissionsAction, USER_CREATE,
-        USER_OWNER, USER_RW, USER_RO, USER_NONE);
+      verifyAllowed(getGlobalPermissionsAction, SUPERUSER, USER_ADMIN);
+      verifyDenied(getGlobalPermissionsAction, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
+        USER_NONE);
+    } finally {
+      // Cleanup, Grant the revoked permission back to the user
+      grantOnTable(TEST_UTIL, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null,
+        Permission.Action.READ);
+    }
   }
 
   @Test
@@ -1036,237 +1041,232 @@ public class TestAccessController extends SecureTestUtil {
     htd.addFamily(new HColumnDescriptor(family1));
     htd.addFamily(new HColumnDescriptor(family2));
     createTable(TEST_UTIL, htd);
-
-    // create temp users
-    User tblUser = User
-        .createUserForTesting(TEST_UTIL.getConfiguration(), "tbluser", new String[0]);
-    User gblUser = User
-        .createUserForTesting(TEST_UTIL.getConfiguration(), "gbluser", new String[0]);
-
-    // prepare actions:
-    AccessTestAction putActionAll = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Put p = new Put(Bytes.toBytes("a"));
-        p.add(family1, qualifier, Bytes.toBytes("v1"));
-        p.add(family2, qualifier, Bytes.toBytes("v2"));
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.put(p);
+    try {
+      // create temp users
+      User tblUser =
+          User.createUserForTesting(TEST_UTIL.getConfiguration(), "tbluser", new String[0]);
+      User gblUser =
+          User.createUserForTesting(TEST_UTIL.getConfiguration(), "gbluser", new String[0]);
+
+      // prepare actions:
+      AccessTestAction putActionAll = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Put p = new Put(Bytes.toBytes("a"));
+          p.add(family1, qualifier, Bytes.toBytes("v1"));
+          p.add(family2, qualifier, Bytes.toBytes("v2"));
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.put(p);
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    AccessTestAction putAction1 = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Put p = new Put(Bytes.toBytes("a"));
-        p.add(family1, qualifier, Bytes.toBytes("v1"));
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.put(p);
+      AccessTestAction putAction1 = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Put p = new Put(Bytes.toBytes("a"));
+          p.add(family1, qualifier, Bytes.toBytes("v1"));
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.put(p);
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    AccessTestAction putAction2 = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Put p = new Put(Bytes.toBytes("a"));
-        p.add(family2, qualifier, Bytes.toBytes("v2"));
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.put(p);
+      AccessTestAction putAction2 = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Put p = new Put(Bytes.toBytes("a"));
+          p.add(family2, qualifier, Bytes.toBytes("v2"));
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.put(p);
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    AccessTestAction getActionAll = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Get g = new Get(TEST_ROW);
-        g.addFamily(family1);
-        g.addFamily(family2);
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.get(g);
+      AccessTestAction getActionAll = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Get g = new Get(TEST_ROW);
+          g.addFamily(family1);
+          g.addFamily(family2);
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.get(g);
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    AccessTestAction getAction1 = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Get g = new Get(TEST_ROW);
-        g.addFamily(family1);
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.get(g);
+      AccessTestAction getAction1 = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Get g = new Get(TEST_ROW);
+          g.addFamily(family1);
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.get(g);
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    AccessTestAction getAction2 = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Get g = new Get(TEST_ROW);
-        g.addFamily(family2);
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.get(g);
+      AccessTestAction getAction2 = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Get g = new Get(TEST_ROW);
+          g.addFamily(family2);
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.get(g);
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    AccessTestAction deleteActionAll = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Delete d = new Delete(TEST_ROW);
-        d.deleteFamily(family1);
-        d.deleteFamily(family2);
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.delete(d);
+      AccessTestAction deleteActionAll = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Delete d = new Delete(TEST_ROW);
+          d.deleteFamily(family1);
+          d.deleteFamily(family2);
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.delete(d);
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    AccessTestAction deleteAction1 = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Delete d = new Delete(TEST_ROW);
-        d.deleteFamily(family1);
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.delete(d);
+      AccessTestAction deleteAction1 = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Delete d = new Delete(TEST_ROW);
+          d.deleteFamily(family1);
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.delete(d);
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    AccessTestAction deleteAction2 = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Delete d = new Delete(TEST_ROW);
-        d.deleteFamily(family2);
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.delete(d);
+      AccessTestAction deleteAction2 = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Delete d = new Delete(TEST_ROW);
+          d.deleteFamily(family2);
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.delete(d);
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    // initial check:
-    verifyDenied(tblUser, getActionAll, getAction1, getAction2);
-    verifyDenied(tblUser, putActionAll, putAction1, putAction2);
-    verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
+      // initial check:
+      verifyDenied(tblUser, getActionAll, getAction1, getAction2);
+      verifyDenied(tblUser, putActionAll, putAction1, putAction2);
+      verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    verifyDenied(gblUser, getActionAll, getAction1, getAction2);
-    verifyDenied(gblUser, putActionAll, putAction1, putAction2);
-    verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+      verifyDenied(gblUser, getActionAll, getAction1, getAction2);
+      verifyDenied(gblUser, putActionAll, putAction1, putAction2);
+      verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    // grant table read permission
-    grantGlobal(TEST_UTIL, gblUser.getShortName(),
-      Permission.Action.READ);
-    grantOnTable(TEST_UTIL, tblUser.getShortName(),
-      tableName, null, null,
-      Permission.Action.READ);
+      // grant table read permission
+      grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.READ);
+      grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, null, null,
+        Permission.Action.READ);
 
-    // check
-    verifyAllowed(tblUser, getActionAll, getAction1, getAction2);
-    verifyDenied(tblUser, putActionAll, putAction1, putAction2);
-    verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
+      // check
+      verifyAllowed(tblUser, getActionAll, getAction1, getAction2);
+      verifyDenied(tblUser, putActionAll, putAction1, putAction2);
+      verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    verifyAllowed(gblUser, getActionAll, getAction1, getAction2);
-    verifyDenied(gblUser, putActionAll, putAction1, putAction2);
-    verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+      verifyAllowed(gblUser, getActionAll, getAction1, getAction2);
+      verifyDenied(gblUser, putActionAll, putAction1, putAction2);
+      verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    // grant table write permission while revoking read permissions
-    grantGlobal(TEST_UTIL, gblUser.getShortName(),
-      Permission.Action.WRITE);
-    grantOnTable(TEST_UTIL, tblUser.getShortName(),
-      tableName, null, null,
-      Permission.Action.WRITE);
+      // grant table write permission while revoking read permissions
+      grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.WRITE);
+      grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, null, null,
+        Permission.Action.WRITE);
 
-    verifyDenied(tblUser, getActionAll, getAction1, getAction2);
-    verifyAllowed(tblUser, putActionAll, putAction1, putAction2);
-    verifyAllowed(tblUser, deleteActionAll, deleteAction1, deleteAction2);
+      verifyDenied(tblUser, getActionAll, getAction1, getAction2);
+      verifyAllowed(tblUser, putActionAll, putAction1, putAction2);
+      verifyAllowed(tblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    verifyDenied(gblUser, getActionAll, getAction1, getAction2);
-    verifyAllowed(gblUser, putActionAll, putAction1, putAction2);
-    verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+      verifyDenied(gblUser, getActionAll, getAction1, getAction2);
+      verifyAllowed(gblUser, putActionAll, putAction1, putAction2);
+      verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    // revoke table permissions
-    revokeGlobal(TEST_UTIL, gblUser.getShortName());
-    revokeFromTable(TEST_UTIL, tblUser.getShortName(),
-      tableName, null, null);
+      // revoke table permissions
+      revokeGlobal(TEST_UTIL, gblUser.getShortName());
+      revokeFromTable(TEST_UTIL, tblUser.getShortName(), tableName, null, null);
 
-    verifyDenied(tblUser, getActionAll, getAction1, getAction2);
-    verifyDenied(tblUser, putActionAll, putAction1, putAction2);
-    verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
+      verifyDenied(tblUser, getActionAll, getAction1, getAction2);
+      verifyDenied(tblUser, putActionAll, putAction1, putAction2);
+      verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    verifyDenied(gblUser, getActionAll, getAction1, getAction2);
-    verifyDenied(gblUser, putActionAll, putAction1, putAction2);
-    verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+      verifyDenied(gblUser, getActionAll, getAction1, getAction2);
+      verifyDenied(gblUser, putActionAll, putAction1, putAction2);
+      verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    // grant column family read permission
-    grantGlobal(TEST_UTIL, gblUser.getShortName(),
-      Permission.Action.READ);
-    grantOnTable(TEST_UTIL, tblUser.getShortName(),
-      tableName, family1, null, Permission.Action.READ);
+      // grant column family read permission
+      grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.READ);
+      grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, family1, null,
+        Permission.Action.READ);
 
-    // Access should be denied for family2
-    verifyAllowed(tblUser, getActionAll, getAction1);
-    verifyDenied(tblUser, getAction2);
-    verifyDenied(tblUser, putActionAll, putAction1, putAction2);
-    verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
+      // Access should be denied for family2
+      verifyAllowed(tblUser, getActionAll, getAction1);
+      verifyDenied(tblUser, getAction2);
+      verifyDenied(tblUser, putActionAll, putAction1, putAction2);
+      verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    verifyAllowed(gblUser, getActionAll, getAction1, getAction2);
-    verifyDenied(gblUser, putActionAll, putAction1, putAction2);
-    verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+      verifyAllowed(gblUser, getActionAll, getAction1, getAction2);
+      verifyDenied(gblUser, putActionAll, putAction1, putAction2);
+      verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    // grant column family write permission
-    grantGlobal(TEST_UTIL, gblUser.getShortName(),
-      Permission.Action.WRITE);
-    grantOnTable(TEST_UTIL, tblUser.getShortName(),
-      tableName, family2, null, Permission.Action.WRITE);
+      // grant column family write permission
+      grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.WRITE);
+      grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, family2, null,
+        Permission.Action.WRITE);
 
-    // READ from family1, WRITE to family2 are allowed
-    verifyAllowed(tblUser, getActionAll, getAction1);
-    verifyAllowed(tblUser, putAction2, deleteAction2);
-    verifyDenied(tblUser, getAction2);
-    verifyDenied(tblUser, putActionAll, putAction1);
-    verifyDenied(tblUser, deleteActionAll, deleteAction1);
+      // READ from family1, WRITE to family2 are allowed
+      verifyAllowed(tblUser, getActionAll, getAction1);
+      verifyAllowed(tblUser, putAction2, deleteAction2);
+      verifyDenied(tblUser, getAction2);
+      verifyDenied(tblUser, putActionAll, putAction1);
+      verifyDenied(tblUser, deleteActionAll, deleteAction1);
 
-    verifyDenied(gblUser, getActionAll, getAction1, getAction2);
-    verifyAllowed(gblUser, putActionAll, putAction1, putAction2);
-    verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+      verifyDenied(gblUser, getActionAll, getAction1, getAction2);
+      verifyAllowed(gblUser, putActionAll, putAction1, putAction2);
+      verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    // revoke column family permission
-    revokeGlobal(TEST_UTIL, gblUser.getShortName());
-    revokeFromTable(TEST_UTIL, tblUser.getShortName(), tableName, family2, null);
+      // revoke column family permission
+      revokeGlobal(TEST_UTIL, gblUser.getShortName());
+      revokeFromTable(TEST_UTIL, tblUser.getShortName(), tableName, family2, null);
 
-    // Revoke on family2 should not have impact on family1 permissions
-    verifyAllowed(tblUser, getActionAll, getAction1);
-    verifyDenied(tblUser, getAction2);
-    verifyDenied(tblUser, putActionAll, putAction1, putAction2);
-    verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
+      // Revoke on family2 should not have impact on family1 permissions
+      verifyAllowed(tblUser, getActionAll, getAction1);
+      verifyDenied(tblUser, getAction2);
+      verifyDenied(tblUser, putActionAll, putAction1, putAction2);
+      verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    // Should not have access as global permissions are completely revoked
-    verifyDenied(gblUser, getActionAll, getAction1, getAction2);
-    verifyDenied(gblUser, putActionAll, putAction1, putAction2);
-    verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+      // Should not have access as global permissions are completely revoked
+      verifyDenied(gblUser, getActionAll, getAction1, getAction2);
+      verifyDenied(gblUser, putActionAll, putAction1, putAction2);
+      verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
-    // delete table
-    deleteTable(TEST_UTIL, tableName);
+    } finally {
+      // delete table
+      deleteTable(TEST_UTIL, tableName);
+    }
   }
 
   private boolean hasFoundUserPermission(UserPermission userPermission, List<UserPermission> perms) {
@@ -1290,93 +1290,90 @@ public class TestAccessController extends SecureTestUtil {
     htd.addFamily(new HColumnDescriptor(family1));
     htd.addFamily(new HColumnDescriptor(family2));
     createTable(TEST_UTIL, htd);
+    try {
+      // create temp users
+      User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
 
-    // create temp users
-    User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
-
-    AccessTestAction getQualifierAction = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Get g = new Get(TEST_ROW);
-        g.addColumn(family1, qualifier);
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.get(g);
+      AccessTestAction getQualifierAction = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Get g = new Get(TEST_ROW);
+          g.addColumn(family1, qualifier);
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.get(g);
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    AccessTestAction putQualifierAction = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Put p = new Put(TEST_ROW);
-        p.add(family1, qualifier, Bytes.toBytes("v1"));
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.put(p);
+      AccessTestAction putQualifierAction = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Put p = new Put(TEST_ROW);
+          p.add(family1, qualifier, Bytes.toBytes("v1"));
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.put(p);
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    AccessTestAction deleteQualifierAction = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        Delete d = new Delete(TEST_ROW);
-        d.deleteColumn(family1, qualifier);
-        // d.deleteFamily(family1);
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(tableName)) {
-          t.delete(d);
+      AccessTestAction deleteQualifierAction = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          Delete d = new Delete(TEST_ROW);
+          d.deleteColumn(family1, qualifier);
+          // d.deleteFamily(family1);
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(tableName)) {
+            t.delete(d);
+          }
+          return null;
         }
-        return null;
-      }
-    };
-
-    revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, null);
+      };
 
-    verifyDenied(user, getQualifierAction);
-    verifyDenied(user, putQualifierAction);
-    verifyDenied(user, deleteQualifierAction);
+      revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, null);
 
-    grantOnTable(TEST_UTIL, user.getShortName(),
-      tableName, family1, qualifier,
-      Permission.Action.READ);
+      verifyDenied(user, getQualifierAction);
+      verifyDenied(user, putQualifierAction);
+      verifyDenied(user, deleteQualifierAction);
 
-    verifyAllowed(user, getQualifierAction);
-    verifyDenied(user, putQualifierAction);
-    verifyDenied(user, deleteQualifierAction);
+      grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+        Permission.Action.READ);
 
-    // only grant write permission
-    // TODO: comment this portion after HBASE-3583
-    grantOnTable(TEST_UTIL, user.getShortName(),
-      tableName, family1, qualifier,
-      Permission.Action.WRITE);
+      verifyAllowed(user, getQualifierAction);
+      verifyDenied(user, putQualifierAction);
+      verifyDenied(user, deleteQualifierAction);
 
-    verifyDenied(user, getQualifierAction);
-    verifyAllowed(user, putQualifierAction);
-    verifyAllowed(user, deleteQualifierAction);
+      // only grant write permission
+      // TODO: comment this portion after HBASE-3583
+      grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+        Permission.Action.WRITE);
 
-    // grant both read and write permission
-    grantOnTable(TEST_UTIL, user.getShortName(),
-      tableName, family1, qualifier,
-      Permission.Action.READ, Permission.Action.WRITE);
+      verifyDenied(user, getQualifierAction);
+      verifyAllowed(user, putQualifierAction);
+      verifyAllowed(user, deleteQualifierAction);
 
-    verifyAllowed(user, getQualifierAction);
-    verifyAllowed(user, putQualifierAction);
-    verifyAllowed(user, deleteQualifierAction);
+      // grant both read and write permission
+      grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+        Permission.Action.READ, Permission.Action.WRITE);
 
-    // revoke family level permission won't impact column level
-    revokeFromTable(TEST_UTIL, user.getShortName(),
-      tableName, family1, qualifier);
+      verifyAllowed(user, getQualifierAction);
+      verifyAllowed(user, putQualifierAction);
+      verifyAllowed(user, deleteQualifierAction);
 
-    verifyDenied(user, getQualifierAction);
-    verifyDenied(user, putQualifierAction);
-    verifyDenied(user, deleteQualifierAction);
+      // revoke family level permission won't impact column level
+      revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier);
 
-    // delete table
-    deleteTable(TEST_UTIL, tableName);
+      verifyDenied(user, getQualifierAction);
+      verifyDenied(user, putQualifierAction);
+      verifyDenied(user, deleteQualifierAction);
+    } finally {
+      // delete table
+      deleteTable(TEST_UTIL, tableName);
+    }
   }
 
   @Test
@@ -1399,115 +1396,116 @@ public class TestAccessController extends SecureTestUtil {
     createTable(TEST_UTIL, htd);
 
     List<UserPermission> perms;
-
-    Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
     try {
-      BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
-      AccessControlService.BlockingInterface protocol =
-        AccessControlService.newBlockingStub(service);
-      perms = ProtobufUtil.getUserPermissions(protocol, tableName);
-    } finally {
-      acl.close();
-    }
+      Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
+      try {
+        BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
+        AccessControlService.BlockingInterface protocol =
+            AccessControlService.newBlockingStub(service);
+        perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+      } finally {
+        acl.close();
+      }
 
-    UserPermission ownerperm = new UserPermission(
-      Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values());
-    assertTrue("Owner should have all permissions on table",
+      UserPermission ownerperm =
+          new UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values());
+      assertTrue("Owner should have all permissions on table",
         hasFoundUserPermission(ownerperm, perms));
 
-    User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
-    byte[] userName = Bytes.toBytes(user.getShortName());
+      User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
+      byte[] userName = Bytes.toBytes(user.getShortName());
 
-    UserPermission up = new UserPermission(userName,
-      tableName, family1, qualifier, Permission.Action.READ);
-    assertFalse("User should not be granted permission: " + up.toString(),
-      hasFoundUserPermission(up, perms));
+      UserPermission up =
+          new UserPermission(userName, tableName, family1, qualifier, Permission.Action.READ);
+      assertFalse("User should not be granted permission: " + up.toString(),
+        hasFoundUserPermission(up, perms));
 
-    // grant read permission
-    grantOnTable(TEST_UTIL, user.getShortName(),
-      tableName, family1, qualifier, Permission.Action.READ);
+      // grant read permission
+      grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+        Permission.Action.READ);
 
-    acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
-    try {
-      BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
-      AccessControlService.BlockingInterface protocol =
-        AccessControlService.newBlockingStub(service);
-      perms = ProtobufUtil.getUserPermissions(protocol, tableName);
-    } finally {
-      acl.close();
-    }
+      acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
+      try {
+        BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
+        AccessControlService.BlockingInterface protocol =
+            AccessControlService.newBlockingStub(service);
+        perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+      } finally {
+        acl.close();
+      }
 
-    UserPermission upToVerify = new UserPermission(
-      userName, tableName, family1, qualifier, Permission.Action.READ);
-    assertTrue("User should be granted permission: " + upToVerify.toString(),
-      hasFoundUserPermission(upToVerify, perms));
+      UserPermission upToVerify =
+          new UserPermission(userName, tableName, family1, qualifier, Permission.Action.READ);
+      assertTrue("User should be granted permission: " + upToVerify.toString(),
+        hasFoundUserPermission(upToVerify, perms));
 
-    upToVerify = new UserPermission(
-      userName, tableName, family1, qualifier, Permission.Action.WRITE);
-    assertFalse("User should not be granted permission: " + upToVerify.toString(),
-      hasFoundUserPermission(upToVerify, perms));
+      upToVerify =
+          new UserPermission(userName, tableName, family1, qualifier, Permission.Action.WRITE);
+      assertFalse("User should not be granted permission: " + upToVerify.toString(),
+        hasFoundUserPermission(upToVerify, perms));
 
-    // grant read+write
-    grantOnTable(TEST_UTIL, user.getShortName(),
-      tableName, family1, qualifier,
-      Permission.Action.WRITE, Permission.Action.READ);
+      // grant read+write
+      grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+        Permission.Action.WRITE, Permission.Action.READ);
 
-    acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
-    try {
-      BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
-      AccessControlService.BlockingInterface protocol =
-        AccessControlService.newBlockingStub(service);
-      perms = ProtobufUtil.getUserPermissions(protocol, tableName);
-    } finally {
-      acl.close();
-    }
+      acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
+      try {
+        BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
+        AccessControlService.BlockingInterface protocol =
+            AccessControlService.newBlockingStub(service);
+        perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+      } finally {
+        acl.close();
+      }
 
-    upToVerify = new UserPermission(userName, tableName, family1,
-      qualifier, Permission.Action.WRITE, Permission.Action.READ);
-    assertTrue("User should be granted permission: " + upToVerify.toString(),
-      hasFoundUserPermission(upToVerify, perms));
+      upToVerify =
+          new UserPermission(userName, tableName, family1, qualifier, Permission.Action.WRITE,
+              Permission.Action.READ);
+      assertTrue("User should be granted permission: " + upToVerify.toString(),
+        hasFoundUserPermission(upToVerify, perms));
 
-    // revoke
-    revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
-      Permission.Action.WRITE, Permission.Action.READ);
+      // revoke
+      revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+        Permission.Action.WRITE, Permission.Action.READ);
 
-    acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
-    try {
-      BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
-      AccessControlService.BlockingInterface protocol =
-        AccessControlService.newBlockingStub(service);
-      perms = ProtobufUtil.getUserPermissions(protocol, tableName);
-    } finally {
-      acl.close();
-    }
+      acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
+      try {
+        BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
+        AccessControlService.BlockingInterface protocol =
+            AccessControlService.newBlockingStub(service);
+        perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+      } finally {
+        acl.close();
+      }
 
-    assertFalse("User should not be granted permission: " + upToVerify.toString(),
+      assertFalse("User should not be granted permission: " + upToVerify.toString(),
         hasFoundUserPermission(upToVerify, perms));
 
-    // disable table before modification
-    admin.disableTable(tableName);
+      // disable table before modification
+      admin.disableTable(tableName);
 
-    User newOwner = User.createUserForTesting(conf, "new_owner", new String[] {});
-    htd.setOwner(newOwner);
-    admin.modifyTable(tableName, htd);
+      User newOwner = User.createUserForTesting(conf, "new_owner", new String[] {});
+      htd.setOwner(newOwner);
+      admin.modifyTable(tableName, htd);
 
-    acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
-    try {
-      BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
-      AccessControlService.BlockingInterface protocol =
-        AccessControlService.newBlockingStub(service);
-      perms = ProtobufUtil.getUserPermissions(protocol, tableName);
-    } finally {
-      acl.close();
-    }
+      acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
+      try {
+        BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
+        AccessControlService.BlockingInterface protocol =
+            AccessControlService.newBlockingStub(service);
+        perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+      } finally {
+        acl.close();
+      }
 
-    UserPermission newOwnerperm = new UserPermission(
-      Bytes.toBytes(newOwner.getName()), tableName, null, Action.values());
-    assertTrue("New owner should have all permissions on table",
+      UserPermission newOwnerperm =
+          new UserPermission(Bytes.toBytes(newOwner.getName()), tableName, null, Action.values());
+      assertTrue("New owner should have all permissions on table",
         hasFoundUserPermission(newOwnerperm, perms));
-
-    // delete table
-    deleteTable(TEST_UTIL, tableName);
+    } finally {
+      // delete table
+      deleteTable(TEST_UTIL, tableName);
+    }
   }
 
   @Test
@@ -1571,127 +1569,134 @@ public class TestAccessController extends SecureTestUtil {
     User userQualifier = User.createUserForTesting(conf, "user_check_perms_q", new String[0]);
 
     grantOnTable(TEST_UTIL, userTable.getShortName(),
-      TEST_TABLE.getTableName(), null, null,
+      TEST_TABLE, null, null,
       Permission.Action.READ);
     grantOnTable(TEST_UTIL, userColumn.getShortName(),
-      TEST_TABLE.getTableName(), TEST_FAMILY, null,
+      TEST_TABLE, TEST_FAMILY, null,
       Permission.Action.READ);
     grantOnTable(TEST_UTIL, userQualifier.getShortName(),
-      TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q1,
+      TEST_TABLE, TEST_FAMILY, TEST_Q1,
       Permission.Action.READ);
 
-    AccessTestAction tableRead = new AccessTestAction() {
-      @Override
-      public Void run() throws Exception {
-        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), null, null,
-          Permission.Action.READ);
-        return null;
-      }
-    };
-
-    AccessTestAction columnRead = new AccessTestAction() {
-      @Override
-      public Void run() throws Exception {
-        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), TEST_FAMILY, null,
-          Permission.Action.READ);
-        return null;
-      }
-    };
+    try {
+      AccessTestAction tableRead = new AccessTestAction() {
+        @Override
+        public Void run() throws Exception {
+          checkTablePerms(TEST_UTIL, TEST_TABLE, null, null, Permission.Action.READ);
+          return null;
+        }
+      };
 
-    AccessTestAction qualifierRead = new AccessTestAction() {
-      @Override
-      public Void run() throws Exception {
-        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q1,
-          Permission.Action.READ);
-        return null;
-      }
-    };
+      AccessTestAction columnRead = new AccessTestAction() {
+        @Override
+        public Void run() throws Exception {
+          checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);
+          return null;
+        }
+      };
 
-    AccessTestAction multiQualifierRead = new AccessTestAction() {
-      @Override
-      public Void run() throws Exception {
-        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), new Permission[] {
-            new TablePermission(TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q1,
-              Permission.Action.READ),
-            new TablePermission(TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q2,
-              Permission.Action.READ), });
-        return null;
-      }
-    };
+      AccessTestAction qualifierRead = new AccessTestAction() {
+        @Override
+        public Void run() throws Exception {
+          checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);
+          return null;
+        }
+      };
 
-    AccessTestAction globalAndTableRead = new AccessTestAction() {
-      @Override
-      public Void run() throws Exception {
-        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(),
-          new Permission[] { new Permission(Permission.Action.READ),
-            new TablePermission(TEST_TABLE.getTableName(), null, (byte[]) null,
-            Permission.Action.READ), });
-        return null;
-      }
-    };
+      AccessTestAction multiQualifierRead = new AccessTestAction() {
+        @Override
+        public Void run() throws Exception {
+          checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[] {
+              new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ),
+              new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_Q2, Permission.Action.READ), });
+          return null;
+        }
+      };
 
-    AccessTestAction noCheck = new AccessTestAction() {
-      @Override
-      public Void run() throws Exception {
-        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), new Permission[0]);
-        return null;
-      }
-    };
+      AccessTestAction globalAndTableRead = new AccessTestAction() {
+        @Override
+        public Void run() throws Exception {
+          checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[] {
+              new Permission(Permission.Action.READ),
+              new TablePermission(TEST_TABLE, null, (byte[]) null, Permission.Action.READ), });
+          return null;
+        }
+      };
 
-    verifyAllowed(tableRead, SUPERUSER, userTable);
-    verifyDenied(tableRead, userColumn, userQualifier);
+      AccessTestAction noCheck = new AccessTestAction() {
+        @Override
+        public Void run() throws Exception {
+          checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[0]);
+          return null;
+        }
+      };
 
-    verifyAllowed(columnRead, SUPERUSER, userTable, userColumn);
-    verifyDenied(columnRead, userQualifier);
+      verifyAllowed(tableRead, SUPERUSER, userTable);
+      verifyDenied(tableRead, userColumn, userQualifier);
 
-    verifyAllowed(qualifierRead, SUPERUSER, userTable, userColumn, userQualifier);
+      verifyAllowed(columnRead, SUPERUSER, userTable, userColumn);
+      verifyDenied(columnRead, userQualifier);
 
-    verifyAllowed(multiQualifierRead, SUPERUSER, userTable, userColumn);
-    verifyDenied(multiQualifierRead, userQualifier);
+      verifyAllowed(qualifierRead, SUPERUSER, userTable, userColumn, userQualifier);
 
-    verifyAllowed(globalAndTableRead, SUPERUSER);
-    verifyDenied(globalAndTableRead, userTable, userColumn, userQualifier);
+      verifyAllowed(multiQualifierRead, SUPERUSER, userTable, userColumn);
+      verifyDenied(multiQualifierRead, userQualifier);
 
-    verifyAllowed(noCheck, SUPERUSER, userTable, userColumn, userQualifier);
+      verifyAllowed(globalAndTableRead, SUPERUSER);
+      verifyDenied(globalAndTableRead, userTable, userColumn, userQualifier);
 
-    // --------------------------------------
-    // test family level multiple permissions
-    AccessTestAction familyReadWrite = new AccessTestAction() {
-      @Override
-      public Void run() throws Exception {
-        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), TEST_FAMILY, null,
-          Permission.Action.READ, Permission.Action.WRITE);
-        return null;
-      }
-    };
+      verifyAllowed(noCheck, SUPERUSER, userTable, userColumn, userQualifier);
 
-    verifyAllowed(familyReadWrite, SUPERUSER, USER_OWNER, USER_CREATE, USER_RW);
-    verifyDenied(familyReadWrite, USER_NONE, USER_RO);
+      // --------------------------------------
+      // test family level multiple permissions
+      AccessTestAction familyReadWrite = new AccessTestAction() {
+        @Override
+        public Void run() throws Exception {
+          checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ,
+            Permission.Action.WRITE);
+          return null;
+        }
+      };
 
-    // --------------------------------------
-    // check for wrong table region
-    CheckPermissionsRequest checkRequest = CheckPermissionsRequest.newBuilder()
-      .addPermission(AccessControlProtos.Permission.newBuilder()
-          .setType(AccessControlProtos.Permission.Type.Table)
-          .setTablePermission(
-              AccessControlProtos.TablePermission.newBuilder()
-                  .setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE.getTableName()))
-                  .addAction(AccessControlProtos.Permission.Action.CREATE))
-      ).build();
-    Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
-    try {
-      BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
-      AccessControlService.BlockingInterface protocol =
-        AccessControlService.newBlockingStub(channel);
+      verifyAllowed(familyReadWrite, SUPERUSER, USER_OWNER, USER_CREATE, USER_RW);
+      verifyDenied(familyReadWrite, USER_NONE, USER_RO);
+
+      // --------------------------------------
+      // check for wrong table region
+      CheckPermissionsRequest checkRequest =
+          CheckPermissionsRequest
+              .newBuilder()
+              .addPermission(
+                AccessControlProtos.Permission
+                    .newBuilder()
+                    .setType(AccessControlProtos.Permission.Type.Table)
+                    .setTablePermission(
+                      AccessControlProtos.TablePermission.newBuilder()
+                          .setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE))
+                          .addAction(AccessControlProtos.Permission.Action.CREATE))).build();
+      Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
       try {
-        // but ask for TablePermissions for TEST_TABLE
-        protocol.checkPermissions(null, checkRequest);
-        fail("this should have thrown CoprocessorException");
-      } catch (ServiceException ex) {
-        // expected
+        BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
+        AccessControlService.BlockingInterface protocol =
+            AccessControlService.newBlockingStub(channel);
+        try {
+          // but ask for TablePermissions for TEST_TABLE
+          protocol.checkPermissions(null, checkRequest);
+          fail("this should have thrown CoprocessorException");
+        } catch (ServiceException ex) {
+          // expected
+        }
+      } finally {
+        acl.close();
       }
+
     } finally {
-      acl.close();
+      revokeFromTable(TEST_UTIL, userTable.getShortName(), TEST_TABLE, null, null,
+        Permission.Action.READ);
+      revokeFromTable(TEST_UTIL, userColumn.getShortName(), TEST_TABLE, TEST_FAMILY, null,
+        Permission.Action.READ);
+      revokeFromTable(TEST_UTIL, userQualifier.getShortName(), TEST_TABLE, TEST_FAMILY, TEST_Q1,
+        Permission.Action.READ);
     }
   }
 
@@ -1754,10 +1759,10 @@ public class TestAccessController extends SecureTestUtil {
   @Test
   public void testSnapshot() throws Exception {
     Admin admin = TEST_UTIL.getHBaseAdmin();
-    final HTableDescriptor htd = admin.getTableDescriptor(TEST_TABLE.getTableName());
+    final HTableDescriptor htd = admin.getTableDescriptor(TEST_TABLE);
     SnapshotDescription.Builder builder = SnapshotDescription.newBuilder();
-    builder.setName(TEST_TABLE.getTableName().getNameAsString() + "-snapshot");
-    builder.setTable(TEST_TABLE.getTableName().getNameAsString());
+    builder.setName(TEST_TABLE.getNameAsString() + "-snapshot");
+    builder.setTable(TEST_TABLE.getNameAsString());
     final SnapshotDescription snapshot = builder.build();
     AccessTestAction snapshotAction = new AccessTestAction() {
       @Override
@@ -1811,10 +1816,10 @@ public class TestAccessController extends SecureTestUtil {
   @Test
   public void testSnapshotWithOwner() throws Exception {
     Admin admin = TEST_UTIL.getHBaseAdmin();
-    final HTableDescriptor htd = admin.getTableDescriptor(TEST_TABLE.getTableName());
+    final HTableDescriptor htd = admin.getTableDescriptor(TEST_TABLE);
     SnapshotDescription.Builder builder = SnapshotDescription.newBuilder();
-    builder.setName(TEST_TABLE.getTableName().getNameAsString() + "-snapshot");
-    builder.setTable(TEST_TABLE.getTableName().getNameAsString());
+    builder.setName(TEST_TABLE.getNameAsString() + "-snapshot");
+    builder.setTable(TEST_TABLE.getNameAsString());
     builder.setOwner(USER_OWNER.getName());
     final SnapshotDescription snapshot = builder.build();
     AccessTestAction snapshotAction = new AccessTestAction() {
@@ -1869,15 +1874,6 @@ public class TestAccessController extends SecureTestUtil {
     LOG.debug("Test for global authorization for a new registered RegionServer.");
     MiniHBaseCluster hbaseCluster = TEST_UTIL.getHBaseCluster();
 
-    // Since each RegionServer running on different user, add global
-    // permissions for the new user.
-    String currentUser = User.getCurrent().getShortName();
-    String activeUserForNewRs = currentUser + ".hfs." +
-      hbaseCluster.getLiveRegionServerThreads().size();
-    grantGlobal(TEST_UTIL, activeUserForNewRs,
-      Permission.Action.ADMIN, Permission.Action.CREATE, Permission.Action.READ,
-        Permission.Action.WRITE);
-
     final Admin admin = TEST_UTIL.getHBaseAdmin();
     HTableDescriptor htd = new HTableDescriptor(TEST_TABLE2);
     htd.addFamily(new HColumnDescriptor(TEST_FAMILY));
@@ -1942,34 +1938,39 @@ public class TestAccessController extends SecureTestUtil {
 
     // Grant TABLE ADMIN privs
     grantOnTable(TEST_UTIL, TABLE_ADMIN.getShortName(),
-      TEST_TABLE.getTableName(), null, null,
+      TEST_TABLE, null, null,
       Permission.Action.ADMIN);
-
-    AccessTestAction listTablesAction = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        try(Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
-             Admin admin = conn.getAdmin()) {
-          return Arrays.asList(admin.listTables());
+    try {
+      AccessTestAction listTablesAction = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+              Admin admin = conn.getAdmin()) {
+            return Arrays.asList(admin.listTables());
+          }
         }
-      }
-    };
+      };
 
-    AccessTestAction getTableDescAction = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        try(Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
-            Admin admin = conn.getAdmin();) {
-          return admin.getTableDescriptor(TEST_TABLE.getTableName());
+      AccessTestAction getTableDescAction = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+              Admin admin = conn.getAdmin();) {
+            return admin.getTableDescriptor(TEST_TABLE);
+          }
         }
-      }
-    };
+      };
 
-    verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN, USER_CREATE, TABLE_ADMIN);
-    verifyIfEmptyList(listTablesAction, USER_RW, USER_RO, USER_NONE);
+      verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN, USER_CREATE, TABLE_ADMIN);
+      verifyIfEmptyList(listTablesAction, USER_RW, USER_RO, USER_NONE);
 
-    verifyAllowed(getTableDescAction, SUPERUSER, USER_ADMIN, USER_CREATE, TABLE_ADMIN);
-    verifyDenied(getTableDescAction, USER_RW, USER_RO, USER_NONE);
+      verifyAllowed(getTableDescAction, SUPERUSER, USER_ADMIN, USER_CREATE, TABLE_ADMIN);
+      verifyDenied(getTableDescAction, USER_RW, USER_RO, USER_NONE);
+    } finally {
+      // Cleanup, revoke TABLE ADMIN privs
+      revokeFromTable(TEST_UTIL, TABLE_ADMIN.getShortName(), TEST_TABLE, null, null,
+        Permission.Action.ADMIN);
+    }
   }
 
   @Test
@@ -1996,19 +1997,21 @@ public class TestAccessController extends SecureTestUtil {
   @Test
   public void testTableDeletion() throws Exception {
     User TABLE_ADMIN = User.createUserForTesting(conf, "TestUser", new String[0]);
+    final TableName tname = TableName.valueOf("testTableDeletion");
+    createTestTable(tname);
 
     // Grant TABLE ADMIN privs
-    grantOnTable(TEST_UTIL, TABLE_ADMIN.getShortName(),
-      TEST_TABLE.getTableName(), null, null,
+    grantOnTable(TEST_UTIL, TABLE_ADMIN.getShortName(), tname, null, null,
       Permission.Action.ADMIN);
 
     AccessTestAction deleteTableAction = new AccessTestAction() {
       @Override
       public Object run() throws Exception {
-        Connection unmanagedConnection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+        Connection unmanagedConnection =
+            ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
         Admin admin = unmanagedConnection.getAdmin();
         try {
-          deleteTable(TEST_UTIL, admin, TEST_TABLE.getTableName());
+          deleteTable(TEST_UTIL, admin, tname);
         } finally {
           admin.close();
           unmanagedConnection.close();
@@ -2021,19 +2024,28 @@ public class TestAccessController extends SecureTestUtil {
     verifyAllowed(deleteTableAction, TABLE_ADMIN);
   }
 
+  private void createTestTable(TableName tname) throws Exception {
+    HTableDescriptor htd = new HTableDescriptor(tname);
+    HColumnDescriptor hcd = new HColumnDescriptor(TEST_FAMILY);
+    hcd.setMaxVersions(100);
+    htd.addFamily(hcd);
+    htd.setOwner(USER_OWNER);
+    TEST_UTIL.createTable(htd, new byte[][] { Bytes.toBytes("s") });
+  }
+
   @Test
   public void testNamespaceUserGrant() throws Exception {
     AccessTestAction getAction = new AccessTestAction() {
       @Override
       public Object run() throws Exception {
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName());) {
+            Table t = conn.getTable(TEST_TABLE);) {
           return t.get(new Get(TEST_ROW));
         }
       }
     };
 
-    String namespace = TEST_TABLE.getTableName().getNamespaceAsString();
+    String namespace = TEST_TABLE.getNamespaceAsString();
 
     // Grant namespace READ to USER_NONE, this should supersede any table permissions
     grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ);
@@ -2053,7 +2065,7 @@ public class TestAccessController extends SecureTestUtil {
       @Override
       public Object run() throws Exception {
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName())) {
+            Table t = conn.getTable(TEST_TABLE)) {
           return t.get(new Get(TEST_ROW));
         }
       }
@@ -2062,26 +2074,30 @@ public class TestAccessController extends SecureTestUtil {
     verifyDenied(getAction, testGrantRevoke);
 
     // Grant table READ permissions to testGrantRevoke.
+    String userName = testGrantRevoke.getShortName();
     try {
-      grantOnTableUsingAccessControlClient(TEST_UTIL, systemUserConnection, testGrantRevoke.getShortName(),
-          TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
+      grantOnTableUsingAccessControlClient(TEST_UTIL, systemUserConnection,
+        userName, TEST_TABLE, null, null, Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
     }
+    try {
+      // Now testGrantRevoke should be able to read also
+      verifyAllowed(getAction, testGrantRevoke);
 
-    // Now testGrantRevoke should be able to read also
-    verifyAllowed(getAction, testGrantRevoke);
+      // Revoke table READ permission to testGrantRevoke.
+      try {
+        revokeFromTableUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,
+          TEST_TABLE, null, null, Permission.Action.READ);
+      } catch (Throwable e) {
+        LOG.error("error during call of AccessControlClient.revoke ", e);
+      }
 
-    // Revoke table READ permission to testGrantRevoke.
-    try {
-      revokeFromTableUsingAccessControlClient(TEST_UTIL, systemUserConnection, testGrantRevoke.getShortName(),
-          TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
-    } catch (Throwable e) {
-      LOG.error("error during call of AccessControlClient.revoke ", e);
+      // Now testGrantRevoke shouldn't be able read
+      verifyDenied(getAction, testGrantRevoke);
+    } finally {
+      revokeGlobal(TEST_UTIL, userName, Permission.Action.READ);
     }
-
-    // Now testGrantRevoke shouldn't be able read
-    verifyDenied(getAction, testGrantRevoke);
   }
 
   @Test
@@ -2093,7 +2109,7 @@ public class TestAccessController extends SecureTestUtil {
       @Override
       public Object run() throws Exception {
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName())) {
+            Table t = conn.getTable(TEST_TABLE)) {
           return t.get(new Get(TEST_ROW));
         }
       }
@@ -2102,26 +2118,30 @@ public class TestAccessController extends SecureTestUtil {
     verifyDenied(getAction, testGlobalGrantRevoke);
 
     // Grant table READ permissions to testGlobalGrantRevoke.
+    String userName = testGlobalGrantRevoke.getShortName();
     try {
       grantGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection,
-          testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
+          userName, Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
     }
+    try {
+      // Now testGlobalGrantRevoke should be able to read also
+      verifyAllowed(getAction, testGlobalGrantRevoke);
 
-    // Now testGlobalGrantRevoke should be able to read also
-    verifyAllowed(getAction, testGlobalGrantRevoke);
+      // Revoke table READ permission to testGlobalGrantRevoke.
+      try {
+        revokeGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection,
+          userName, Permission.Action.READ);
+      } catch (Throwable e) {
+        LOG.error("error during call of AccessControlClient.revoke ", e);
+      }
 
-    // Revoke table READ permission to testGlobalGrantRevoke.
-    try {
-      revokeGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection,
-          testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
-    } catch (Throwable e) {
-      LOG.error("error during call of AccessControlClient.revoke ", e);
+      // Now testGlobalGrantRevoke shouldn't be able read
+      verifyDenied(getAction, testGlobalGrantRevoke);
+    } finally {
+      revokeGlobal(TEST_UTIL, userName, Permission.Action.READ);
     }
-
-    // Now testGlobalGrantRevoke shouldn't be able read
-    verifyDenied(getAction, testGlobalGrantRevoke);
   }
 
   @Test
@@ -2132,7 +2152,7 @@ public class TestAccessController extends SecureTestUtil {
       @Override
       public Object run() throws Exception {
         try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName())) {
+            Table t = conn.getTable(TEST_TABLE)) {
           return t.get(new Get(TEST_ROW));
         }
       }
@@ -2140,27 +2160,32 @@ public class TestAccessController extends SecureTestUtil {
 
     verifyDenied(getAction, testNS);
 
+    String userName = testNS.getShortName();
+    String namespace = TEST_TABLE.getNamespaceAsString();
     // Grant namespace READ to testNS, this should supersede any table permissions
     try {
-      grantOnNamespaceUsingAccessControlClient(TEST_UTIL, systemUserConnection, testNS.getShortName(),
-          TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
+      grantOnNamespaceUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,
+        namespace, Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
     }
+    try {
+      // Now testNS should be able to read also
+      verifyAllowed(getAction, testNS);
 
-    // Now testNS should be able to read also
-    verifyAllowed(getAction, testNS);
+      // Revoke namespace READ to testNS, this should supersede any table permissions
+      try {
+        revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,
+          namespace, Permission.Action.READ);
+      } catch (Throwable e) {
+        LOG.error("error during call of AccessControlClient.revoke ", e);
+      }
 
-    // Revoke namespace READ to testNS, this should supersede any table permissions
-    try {
-      revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, systemUserConnection, testNS.getShortName(),
-          TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
-    } catch (Throwable e) {
-      LOG.error("error during call of AccessControlClient.revoke ", e);
+      // Now testNS shouldn't be able read
+      verifyDenied(getAction, testNS);
+    } finally {
+      revokeFromNamespace(TEST_UTIL, userName, namespace, Permission.Action.READ);
     }
-
-    // Now testNS shouldn't be able read
-    verifyDenied(getAction, testNS);
   }
 
 
@@ -2215,7 +2240,7 @@ public class TestAccessController extends SecureTestUtil {
     for (JVMClusterUtil.RegionServerThread thread:
         TEST_UTIL.getMiniHBaseCluster().getRegionServerThreads()) {
       HRegionServer rs = thread.getRegionServer();
-      for (Region region: rs.getOnlineRegions(TEST_TABLE.getTableName())) {
+      for (Region region: rs.getOnlineRegions(TEST_TABLE)) {
         region.getCoprocessorHost().load(PingCoprocessor.class,
           Coprocessor.PRIORITY_USER, conf);
       }
@@ -2227,32 +2252,37 @@ public class TestAccessController extends SecureTestUtil {
     User userB = User.createUserForTesting(conf, "UserB", new String[0]);
 
     grantOnTable(TEST_UTIL, userA.getShortName(),
-      TEST_TABLE.getTableName(), null, null,
+      TEST_TABLE, null, null,
       Permission.Action.EXEC);
-
-    // Create an action for invoking our test endpoint
-    AccessTestAction execEndpointAction = new AccessTestAction() {
-      @Override
-      public Object run() throws Exception {
-        try(Connection conn = ConnectionFactory.createConnection(conf);
-            Table t = conn.getTable(TEST_TABLE.getTableName());) {
-          BlockingRpcChannel service = t.coprocessorService(HConstants.EMPTY_BYTE_ARRAY);
-          PingCoprocessor.newBlockingStub(service).noop(null, NoopRequest.newBuilder().build());
+    try {
+      // Create an action for invoking our test endpoint
+      AccessTestAction execEndpointAction = new AccessTestAction() {
+        @Override
+        public Object run() throws Exception {
+          try (Connection conn = ConnectionFactory.createConnection(conf);
+              Table t = conn.getTable(TEST_TABLE);) {
+            BlockingRpcChannel service = t.coprocessorService(HConstants.EMPTY_BYTE_ARRAY);
+            PingCoprocessor.newBlockingStub(service).noop(null, NoopRequest.newBuilder().build());
+          }
+          return null;
         }
-        return null;
-      }
-    };
+      };
 
-    String namespace = TEST_TABLE.getTableName().getNamespaceAsString();
-    // Now grant EXEC to the entire namespace to user B
-    grantOnNamespace(TEST_UTIL, userB.getShortName(), namespace, Permission.Action.EXEC);
-    // User B should now be allowed also
-    verifyAllowed(execEndpointAction, userA, userB);
+      String namespace = TEST_TABLE.getNamespaceAsString();
+      // Now grant EXEC to the entire namespace to user B
+      grantOnNamespace(TEST_UTIL, userB.getShortName(), namespace, Permission.Action.EXEC);
+      // User B should now be allowed also
+      verifyAllowed(execEndpointAction, userA, userB);
 
-    revokeFromNamespace(TEST_UTIL, userB.getShortName(), namespace, Permission.Action.EXEC);
-    // Verify that EXEC permission is checked correctly
-    verifyDenied(execEndpointAction, userB);
-    verifyAllowed(execEndpointAction, userA);
+      revokeFromNamespace(TEST_UTIL, userB.getShortName(), namespace, Permission.Action.EXEC);
+      // Verify that EXEC permission is checked correctly
+      verifyDenied(execEndpointAction, userB);
+      verifyAllowed(execEndpointAction, userA);
+    } finally {
+      // Cleanup, revoke the userA privileges
+      revokeFromTable(TEST_UTIL, userA.getShortName(), TEST_TABLE, null, null,
+        Permission.Action.EXEC);
+    }
   }
 
   @Test
@@ -2260,7 +2290,7 @@ public class TestAccessController extends SecureTestUtil {
     AccessTestAction putWithReservedTag = new AccessTestAction() {
       @Override
       public Object run() throws Exception {
-        Table t = new HTable(conf, TEST_TABLE.getTableName());
+        Table t = new HTable(conf, TEST_TABLE);
         try {
           KeyValue kv = new KeyValue(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER,
             HConstants.LATEST_TIMESTAMP, HConstants.EMPTY_BYTE_ARRAY,
@@ -2302,15 +2332,15 @@ public class TestAccessController extends SecureTestUtil {
   public void testTruncatePerms() throws Throwable {
     List<UserPermission> existingPerms =
         AccessControlClient.getUserPermissions(systemUserConnection,
-            TEST_TABLE.getTableName().getNameAsString());
+            TEST_TABLE.getNameAsString());
     assertTrue(existingPerms != null);
     assertTrue(existingPerms.size() > 1);
     try (Admin admin = systemUserConnection.getAdmin()) {
-      admin.disableTable(TEST_TABLE.getTableName());
-      admin.truncateTable(TEST_TABLE.getTableName(), true);
+      admin.disableTable(TEST_TABLE);
+      admin.truncateTable(TEST_TABLE, true);
     }
     List<UserPermission> perms = AccessControlClient.getUserPermissions(systemUserConnection,
-        TEST_TABLE.getTableName().getNameAsString());
+        TEST_TABLE.getNameAsString());
     assertTrue(perms != null);
     assertEquals(existingPerms.size(), perms.size());
   }
@@ -2331,20 +2361,21 @@ public class TestAccessController extends SecureTestUtil {
 
   @Test
   public void testAccessControlClientUserPerms() throws Exception {
-    // adding default prefix explicitly as it is not included in the table name.
-    assertEquals(NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR,
-                 TEST_TABLE.getTableName().getNamespaceAsString());
-    final String regex = NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR +
-      TableName.NAMESPACE_DELIM + TEST_TABLE.getTableName().getNameAsString();
-    User testUserPerms = User.createUserForTesting(conf, "testUserPerms", new String[0]);
-    assertEquals(0, testUserPerms.runAs(getPrivilegedAction(regex)).size());
-    // Grant TABLE ADMIN privs to testUserPerms
-    grantOnTable(TEST_UTIL, testUserPerms.getShortName(), TEST_TABLE.getTableName(), null,
-      null, Action.ADMIN);
-    List<UserPermission> perms = testUserPerms.runAs(getPrivilegedAction(regex));
-    assertNotNull(perms);
-    // USER_ADMIN, USER_CREATE, USER_RW, USER_RO, testUserPerms, USER_ADMIN_CF has row each.
-    assertEquals(6, perms.size());
+    TableName tname = TableName.valueOf("testAccessControlClientUserPerms");
+    createTestTable(tname);
+    try {
+      final String regex = tname.getNameWithNamespaceInclAsString();
+      User testUserPerms = User.createUserForTesting(conf, "testUserPerms", new String[0]);
+      assertEquals(0, testUserPerms.runAs(getPrivilegedAction(regex)).size());
+      // Grant TABLE ADMIN privs to testUserPerms
+      grantOnTable(TEST_UTIL, testUserPerms.getShortName(), tname, null, null, Action.ADMIN);
+      List<UserPermission> perms = testUserPerms.runAs(getPrivilegedAction(regex));
+      assertNotNull(perms);
+      // Superuser, testUserPerms
+      assertEquals(2, perms.size());
+    } finally {
+      deleteTable(TEST_UTIL, tname);
+    }
   }
 
   @Test
@@ -2407,14 +2438,16 @@ public class TestAccessController extends SecureTestUtil {
     AccessTestAction prepareBulkLoadAction = new AccessTestAction() {
       @Override
       public Object run() throws Exception {
-        ACCESS_CONTROLLER.prePrepareBulkLoad(ObserverContext.createAndPrepare(RCP_ENV, null), null);
+        ACCESS_CONTROLLER.prePrepareBulkLoad(ObserverContext.createAndPrepare(RCP_ENV, null),
+          null);
         return null;
       }
     };
     AccessTestAction cleanupBulkLoadAction = new AccessTestAction() {
       @Override
       public Object run() throws Exception {
-        ACCESS_CONTROLLER.preCleanupBulkLoad(ObserverContext.createAndPrepare(RCP_ENV, null), null);
+        ACCESS_CONTROLLER.preCleanupBulkLoad(ObserverContext.createAndPrepare(RCP_ENV, null),
+          null);
         return null;
       }
     };
@@ -2438,7 +2471,7 @@ public class TestAccessController extends SecureTestUtil {
     verifyAllowed(replicateLogEntriesAction, SUPERUSER, USER_ADMIN);
     verifyDenied(replicateLogEntriesAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);
   }
-  
+
   @Test
   public void testSetQuota() throws Exception {
     AccessTestAc

<TRUNCATED>

Mime
View raw message