hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashish Singhi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12622) user_permission should require global admin to display global and ns permissions
Date Wed, 03 Dec 2014 14:27:14 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14233030#comment-14233030
] 

Ashish Singhi commented on HBASE-12622:
---------------------------------------

Yes Anoop you are right. The namespace variable is just being used their for logging, not
using it for authorizing.

I tested the patch with following scenario,
1. grant 'non-super', 'RWXCA', '@ns'
2.user_permission '@ns'

It fails with ADE as there it only checks for global ADMIN permission for user.
When I also authorize for namespace, it works fine.

That means other five commands using this method to authorize namespace not meeting the developer
intention.

> user_permission should require global admin to display global and ns permissions
> --------------------------------------------------------------------------------
>
>                 Key: HBASE-12622
>                 URL: https://issues.apache.org/jira/browse/HBASE-12622
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0, 0.98.8, 0.99.2
>            Reporter: Matteo Bertozzi
>            Assignee: Matteo Bertozzi
>             Fix For: 1.0.0, 2.0.0, 0.98.9
>
>         Attachments: HBASE-12622-v0.patch
>
>
> user_permission check the user permission only on the table level (requiring at least
a table-level admin)
> global and namespace permission listing is done without checking anything.
> but only a global admins should be able to perform this operations.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message