hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
Date Thu, 19 Apr 2012 00:12:40 GMT

    [ https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257104#comment-13257104
] 

Andrew Purtell commented on HBASE-5787:
---------------------------------------

This seems fine. The initial implementation had the notion of requiring ADMIN for any table
op that has global cluster implications, but then went back and changed that to allow at least
users to create tables if they had CREATE permission. The delete case seems a bug. All around
an area that required improvement.
                
> Table owner can't disable/delete its own table
> ----------------------------------------------
>
>                 Key: HBASE-5787
>                 URL: https://issues.apache.org/jira/browse/HBASE-5787
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.92.1, 0.94.0, 0.96.0
>            Reporter: Matteo Bertozzi
>            Assignee: Matteo Bertozzi
>            Priority: Minor
>              Labels: acl, security
>             Fix For: 0.92.2, 0.96.0, 0.94.1
>
>         Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch, HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it, because disable
operation require ADMIN privileges. Also if a table is already disabled, anyone can remove
it.
> {code}
> public void preDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c,
>     byte[] tableName) throws IOException {
>   requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> c,
>     byte[] tableName) throws IOException {
>   /* TODO: Allow for users with global CREATE permission and the table owner */
>   requirePermission(Permission.Action.ADMIN);
> }
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message