Return-Path: X-Original-To: apmail-hbase-issues-archive@www.apache.org Delivered-To: apmail-hbase-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 78A1DC35E for ; Fri, 8 Jun 2012 01:05:24 +0000 (UTC) Received: (qmail 68225 invoked by uid 500); 8 Jun 2012 01:05:24 -0000 Delivered-To: apmail-hbase-issues-archive@hbase.apache.org Received: (qmail 68121 invoked by uid 500); 8 Jun 2012 01:05:24 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 67899 invoked by uid 99); 8 Jun 2012 01:05:23 -0000 Received: from issues-vm.apache.org (HELO issues-vm) (140.211.11.160) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Jun 2012 01:05:23 +0000 Received: from isssues-vm.apache.org (localhost [127.0.0.1]) by issues-vm (Postfix) with ESMTP id D6A42142859 for ; Fri, 8 Jun 2012 01:05:23 +0000 (UTC) Date: Fri, 8 Jun 2012 01:05:23 +0000 (UTC) From: "Enis Soztutar (JIRA)" To: issues@hbase.apache.org Message-ID: <1539992336.50973.1339117523881.JavaMail.jiratomcat@issues-vm> In-Reply-To: <1425445499.21973.1328829417768.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Assigned] (HBASE-5372) Table mutation operations should check table level rights, not global rights MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HBASE-5372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Enis Soztutar reassigned HBASE-5372: ------------------------------------ Assignee: Laxman (was: Enis Soztutar) Sure by all means go ahead, I'll assign the issue to you. > Table mutation operations should check table level rights, not global rights > ----------------------------------------------------------------------------- > > Key: HBASE-5372 > URL: https://issues.apache.org/jira/browse/HBASE-5372 > Project: HBase > Issue Type: Sub-task > Components: security > Reporter: Enis Soztutar > Assignee: Laxman > > getUserPermissions(tableName)/grant/revoke and drop/modify table operations should not check for global CREATE/ADMIN rights, but table CREATE/ADMIN rights. The reasoning is that if a user is able to admin or read from a table, she should be able to read the table's permissions. We can choose whether we want only READ or ADMIN permissions for getUserPermission(). Since we check for global permissions first for table permissions, configuring table access using global permissions will continue to work. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira