hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Devaraj Das (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11886) The creator of the table should have all permissions on the table
Date Wed, 03 Sep 2014 20:34:52 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14120396#comment-14120396
] 

Devaraj Das commented on HBASE-11886:
-------------------------------------

Using the user from RequestContext sounds fine.
I am not so sure about the InheritableThreadLocal though. Since the master does HDFS operations
when operations like createTable are called, it might be an issue, no? What I did changes
the identity only for postCreateTableHandler but the other operations done as part of the
createTable call is executed as the master's identity.

> The creator of the table should have all permissions on the table
> -----------------------------------------------------------------
>
>                 Key: HBASE-11886
>                 URL: https://issues.apache.org/jira/browse/HBASE-11886
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.98.3
>            Reporter: Devaraj Das
>            Assignee: Devaraj Das
>            Priority: Critical
>             Fix For: 0.99.0, 2.0.0, 0.98.6
>
>         Attachments: 11886-1.txt
>
>
> In our testing of 0.98.4 with security ON, we found that table creator doesn't have RWXCA
on the created table. Instead, the user representing the HBase daemon gets all permissions.
Due to this the table creator can't write to the table he just created. I am suspecting HBASE-11275
introduced the problem.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message