Return-Path: X-Original-To: apmail-hbase-issues-archive@www.apache.org Delivered-To: apmail-hbase-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E180D102EC for ; Tue, 6 Jan 2015 06:31:34 +0000 (UTC) Received: (qmail 27612 invoked by uid 500); 6 Jan 2015 06:31:35 -0000 Delivered-To: apmail-hbase-issues-archive@hbase.apache.org Received: (qmail 27494 invoked by uid 500); 6 Jan 2015 06:31:35 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 27153 invoked by uid 99); 6 Jan 2015 06:31:35 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Jan 2015 06:31:35 +0000 Date: Tue, 6 Jan 2015 06:31:34 +0000 (UTC) From: "Ashish Singhi (JIRA)" To: issues@hbase.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Created] (HBASE-12811) NPE while scan a table with user associated with multiple groups. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 Ashish Singhi created HBASE-12811: ------------------------------------- Summary: NPE while scan a table with user associated with multiple groups. Key: HBASE-12811 URL: https://issues.apache.org/jira/browse/HBASE-12811 Project: HBase Issue Type: Bug Components: security Affects Versions: 0.98.9 Reporter: Ashish Singhi Assignee: Ashish Singhi A user is associated with two groups. {noformat} /hbase/bin> groups ashish_test ashish_test : defaultgroup ashish_test_1420524824527 {noformat} One of its group is granted permission on a table as shown by user_permission command. {noformat} hbase(main):005:0> user_permission 't1' User Table,Family,Qualifier:Permission @ashish_test_1420524824527 t1,,: [Permission: actions=EXEC,WRITE,CREATE] @ashish_test_1420524824527 t1,d,: [Permission: actions=EXEC,WRITE,CREATE] hbase t1,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] 3 row(s) in 0.3710 seconds {noformat} Now when this user try the scan the table, we get the following exception. {noformat} java.lang.NullPointerException at org.apache.hadoop.hbase.security.access.TablePermission.implies(TablePermission.java:215) at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:340) at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:332) at org.apache.hadoop.hbase.security.access.TableAuthManager.authorizeGroup(TableAuthManager.java:473) at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:490) at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:500) at org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:415) at org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:484) at org.apache.hadoop.hbase.security.access.AccessController.internalPreRead(AccessController.java:1504) at org.apache.hadoop.hbase.security.access.AccessController.preScannerOpen(AccessController.java:2027) at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preScannerOpen(RegionCoprocessorHost.java:1987) at org.apache.hadoop.hbase.regionserver.HRegionServer.scan(HRegionServer.java:3102) {noformat} *Note:* Line numbers may not match. Exception is coming because the other group of same user which has not been granted permission on the table will have the TablePermission's table(name) as null. -- This message was sent by Atlassian JIRA (v6.3.4#6332)