hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ramkrishna.s.vasudevan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11886) The creator of the table should have all permissions on the table
Date Wed, 03 Sep 2014 05:38:52 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14119387#comment-14119387
] 

ramkrishna.s.vasudevan commented on HBASE-11886:
------------------------------------------------

Nice one.  Ya could be.  I think because the postCreateTableHandler() is actually the service
threads that is spawned from the actual user thread asking for the table creation.
{code}
LOG.info(getClientIdAuditPrefix() + " create " + hTableDescriptor);
    this.service.submit(new CreateTableHandler(this,
      this.fileSystemManager, hTableDescriptor, conf,
      newRegions, this).prepare());
    if (cpHost != null) {
      cpHost.postCreateTable(hTableDescriptor, newRegions);
    }
{code}
We should know the user name in the handler thread. Are you working on a patch for this?

> The creator of the table should have all permissions on the table
> -----------------------------------------------------------------
>
>                 Key: HBASE-11886
>                 URL: https://issues.apache.org/jira/browse/HBASE-11886
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.98.3
>            Reporter: Devaraj Das
>            Priority: Critical
>             Fix For: 1.0.0, 0.98.6
>
>
> In our testing of 0.98.4 with security ON, we found that table creator doesn't have RWXCA
on the created table. Instead, the user representing the HBase daemon gets all permissions.
Due to this the table creator can't write to the table he just created. I am suspecting HBASE-11275
introduced the problem.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message