Return-Path: 
 <dev-return-45683-apmail-hbase-dev-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-dev-archive@www.apache.org
Delivered-To: apmail-hbase-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 767BA11181
	for <apmail-hbase-dev-archive@www.apache.org>;
 Tue, 10 Jun 2014 14:38:07 +0000 (UTC)
Received: (qmail 85838 invoked by uid 500); 10 Jun 2014 14:38:06 -0000
Delivered-To: apmail-hbase-dev-archive@hbase.apache.org
Received: (qmail 84043 invoked by uid 500); 10 Jun 2014 14:38:03 -0000
Mailing-List: contact dev-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@hbase.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@hbase.apache.org>
List-Post: <mailto:dev@hbase.apache.org>
List-Id: <dev.hbase.apache.org>
Reply-To: dev@hbase.apache.org
Delivered-To: mailing list dev@hbase.apache.org
Received: (qmail 83852 invoked by uid 99); 10 Jun 2014 14:38:02 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Jun 2014 14:38:02 +0000
Date: Tue, 10 Jun 2014 14:38:02 +0000 (UTC)
From: "Ted Yu (JIRA)" <jira@apache.org>
To: dev@hbase.apache.org
Message-ID: <JIRA.12718622.1401973352049.101661.1402411082732@arcas>
In-Reply-To: <JIRA.12718622.1401973352049@arcas>
References: <JIRA.12718622.1401973352049@arcas>
Subject: [jira] [Resolved] (HBASE-11300) Wrong permission check for
 checkAndPut in AccessController
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/HBASE-11300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ted Yu resolved HBASE-11300.
----------------------------

    Resolution: Invalid

> Wrong permission check for checkAndPut in AccessController
> ----------------------------------------------------------
>
>                 Key: HBASE-11300
>                 URL: https://issues.apache.org/jira/browse/HBASE-11300
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.99.0
>            Reporter: Liu Shaohui
>            Assignee: Liu Shaohui
>            Priority: Minor
>
> For the checkAndPut operation, the AccessController only checks the read and write permission for the family and qualifier to check, but ignores the write permission for the family map of "put". What's more,  we don't need the write permission for the family and qualifier to check.
> See the code AccessController.java #1538
> {code}
>     Map<byte[],? extends Collection<byte[]>> families = makeFamilyMap(family, qualifier);
>     User user = getActiveUser();
>     AuthResult authResult = permissionGranted(OpType.CHECK_AND_PUT, user, env, families,
>       Action.READ, Action.WRITE);
> {code}
> Same problem for checkAndDelete operation.



--
This message was sent by Atlassian JIRA
(v6.2#6252)