hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anoop Sam John (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11886) The creator of the table should have all permissions on the table
Date Wed, 03 Sep 2014 19:48:52 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14120321#comment-14120321
] 

Anoop Sam John commented on HBASE-11886:
----------------------------------------

Thanks for the find DD.

+      this.activeUser = UserProvider.instantiate(conf).getCurrent();
Get user here from RequestContext(?)

BTW
{code}
private User getActiveUser() throws IOException {
    User user = RequestContext.getRequestUser();
    if (!RequestContext.isInRequestContext()) {
      // for non-rpc handling, fallback to system user
      user = userProvider.getCurrent();
    }
    return user;
  }
{code}
Using InheritableThreadLocal in RequestContext would solve the issue with out other changes?

> The creator of the table should have all permissions on the table
> -----------------------------------------------------------------
>
>                 Key: HBASE-11886
>                 URL: https://issues.apache.org/jira/browse/HBASE-11886
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.98.3
>            Reporter: Devaraj Das
>            Assignee: Devaraj Das
>            Priority: Critical
>             Fix For: 0.99.0, 2.0.0, 0.98.6
>
>         Attachments: 11886-1.txt
>
>
> In our testing of 0.98.4 with security ON, we found that table creator doesn't have RWXCA
on the created table. Instead, the user representing the HBase daemon gets all permissions.
Due to this the table creator can't write to the table he just created. I am suspecting HBASE-11275
introduced the problem.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message