hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashish Singhi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12634) Fix the AccessController#requireGlobalPermission(ns) with NS
Date Thu, 04 Dec 2014 06:18:12 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12634?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14233941#comment-14233941
] 

Ashish Singhi commented on HBASE-12634:
---------------------------------------

I meant, user having admin rights on a namespace will be able to perform Create/Delete/Modify
namespace operation on that namespace only.
I hope Anoop that answers your question.

But here create namespace ideally should authorize for user having global admins rights not
admin right on the namespace which is requested to create. Namespace is still not created
here.
But it passes away since we have an 'OR' condition.

Should I change 
{code} requireGlobalPermission("createNamespace", Action.ADMIN, ns.getName()); {code} to {code}requirePermission("createNamespace",
Action.ADMIN);{code} In this jira or another jira ?

>  Fix the AccessController#requireGlobalPermission(ns) with NS
> -------------------------------------------------------------
>
>                 Key: HBASE-12634
>                 URL: https://issues.apache.org/jira/browse/HBASE-12634
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.98.8
>            Reporter: Ashish Singhi
>            Assignee: Ashish Singhi
>             Fix For: 1.0.0, 2.0.0, 0.98.9
>
>         Attachments: HBASE-12634-v2.patch, HBASE-12634.patch
>
>
> The namespace argument passed to AccessController#requireGlobalPermission API to authorize
namespace is actually not authorizing it.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message