hbase-dev mailing list archives

From "Ashish Singhi (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-14950) Create table with AC fails when quota is enabled
Date Tue, 08 Dec 2015 12:32:10 GMT
Ashish Singhi created HBASE-14950:
-------------------------------------

             Summary: Create table with AC fails when quota is enabled
                 Key: HBASE-14950
                 URL: https://issues.apache.org/jira/browse/HBASE-14950
             Project: HBase
          Issue Type: Bug
    Affects Versions: 0.98.16, 1.1.2, 2.0.0, 1.2.0, 1.3.0
            Reporter: Ashish Singhi
            Priority: Minor


Scenario:
1. Set hbase.quota.enabled to true
2. As per the [ACL matrix | http://hbase.apache.org/book.html#appendix_acl_matrix] for create table, grant '@group1', 'C', '@ns1'
3. create 't1', 'd'  -- *Failed*
{noformat}
ERROR: java.io.IOException: Namespace Descriptor found null for default This is unexpected.
	at org.apache.hadoop.hbase.namespace.NamespaceStateManager.checkAndUpdateNamespaceTableCount(NamespaceStateManager.java:170)
	at org.apache.hadoop.hbase.namespace.NamespaceAuditor.checkQuotaToCreateTable(NamespaceAuditor.java:76)
	at org.apache.hadoop.hbase.quotas.MasterQuotaManager.checkNamespaceTableAndRegionQuota(MasterQuotaManager.java:312)
	at org.apache.hadoop.hbase.master.HMaster.createTable(HMaster.java:1445)
	at org.apache.hadoop.hbase.master.MasterRpcServices.createTable(MasterRpcServices.java:428)
	at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:49404)
	at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2136)
	at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:107)
	at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:133)
	at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:108)
	at java.lang.Thread.run(Thread.java:745)
{noformat}
When quota is enabled, then as part of createTable we internally also call getNamespaceDescriptor
which needs 'A' privilege.

So when quota is enabled we need both C and A permission to create a table. ACL Matrix needs
to be updated.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
