hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Yu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-13239) Hbase grants at specific column level does not work for Groups
Date Sat, 14 Mar 2015 00:38:38 GMT

    [ https://issues.apache.org/jira/browse/HBASE-13239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14361406#comment-14361406
] 

Ted Yu commented on HBASE-13239:
--------------------------------

Verified the patch on a secure cluster:
{code}
hbase(main):002:0> scan 'usertable'
ROW                                           COLUMN+CELL
 row01                                        column=family:col01, timestamp=1426265186329,
value=value1
1 row(s) in 0.3130 seconds

hbase(main):002:0> grant '@users','R', 'usertable', 'family', 'col01'
0 row(s) in 0.4540 seconds

hbase(main):003:0> user_permission 'usertable'
User                                          Table,Family,Qualifier:Permission
 @users                                       usertable,family,col01: [Permission: actions=READ]
 hrt_qa                                       usertable,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
2 row(s) in 0.0770 seconds
{code}
I then logged in as user hrt_2 who is a member of users group:
{code}
hbase(main):001:0> scan 'usertable'
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/grid/0/hdp/2.2.2.0-2606/hadoop/lib/slf4j-log4j12-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/grid/0/hdp/2.2.2.0-2606/zookeeper/lib/slf4j-log4j12-1.6.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
ROW                                           COLUMN+CELL
 row01                                        column=family:col01, timestamp=1426265186329,
value=value1
{code}

>  Hbase grants at specific column level does not work for Groups 
> ----------------------------------------------------------------
>
>                 Key: HBASE-13239
>                 URL: https://issues.apache.org/jira/browse/HBASE-13239
>             Project: HBase
>          Issue Type: Bug
>          Components: hbase
>    Affects Versions: 0.98.4
>            Reporter: Jaymin Patel
>            Assignee: Ted Yu
>             Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.12
>
>         Attachments: 13239-v1.txt
>
>
> While performing Grant command to a specific column in a table - to a specific group
does not produce needed results. However, when specific user is mentioned (instead of group
name) in grant command, it becomes effective
> Steps to Reproduce : 
> 1) using super-user, Grant a table/column family/column level grant to a group
> 2) login using a user ( part of the above group) and scan the table. It does not return
any results
> 3) using super-user, Grant a table/column family/column level grant to a specific user
( instead of group) 
> 4) login using that specific user and scan the table. It produces correct results, i.e.
provides only the column where user has select privileges



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message