hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matteo Bertozzi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12925) Use acl cache for doing access control checks in prepare and clean phases of Bulkloading.
Date Mon, 26 Jan 2015 22:57:34 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14292568#comment-14292568
] 

Matteo Bertozzi commented on HBASE-12925:
-----------------------------------------

+1 looks good to me. 
the only thing is that verifyCreate() in the test.. that should probably be something like
verifyAnyCreate() or similar, to empathize that you are looking for any permission table,
family or qualifier. (your call, looks fine to me even like this)

> Use acl cache for doing access control checks in prepare and clean phases of Bulkloading.
> -----------------------------------------------------------------------------------------
>
>                 Key: HBASE-12925
>                 URL: https://issues.apache.org/jira/browse/HBASE-12925
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Srikanth Srungarapu
>            Assignee: Srikanth Srungarapu
>         Attachments: HBASE-12925.patch
>
>
> Currently, prepareBulkLoad and cleanupBulkLoad are using "hasSomeAccess", which performs
scan on ACL table, instead of using TableAuthManager. Also, the method "hasSomeAccess" has
a logical error, as it doesn't filter the acl scan results by the current active user. More
specifically 
> {code}
> for (UserPermission userPerm: perms) {
>         for (Action userAction: userPerm.getActions()) {
>           if (userAction.equals(action)) {
>             return AuthResult.allow(method, "Access allowed", requestUser,
>               action, tableName, null, null);
>           }
>         }
>       }
> {code} 
> The if clause ideally should be having something like userPerm.getUser.equals(requestUser).
This issue will help us in getting rid of this problematic implementation.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message