hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-14818) user_permission does not list namespace permissions
Date Thu, 19 May 2016 16:58:13 GMT

    [ https://issues.apache.org/jira/browse/HBASE-14818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15291510#comment-15291510
] 

Hadoop QA commented on HBASE-14818:
-----------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} rubocop {color} | {color:blue} 0m 2s {color} | {color:blue}
rubocop was not available. {color} |
| {color:blue}0{color} | {color:blue} ruby-lint {color} | {color:blue} 0m 2s {color} | {color:blue}
Ruby-lint was not available. {color} |
| {color:green}+1{color} | {color:green} hbaseanti {color} | {color:green} 0m 0s {color} |
{color:green} Patch does not have any anti-patterns. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s {color} | {color:green}
The patch does not contain any @author tags. {color} |
| {color:red}-1{color} | {color:red} test4tests {color} | {color:red} 0m 0s {color} | {color:red}
The patch doesn't appear to include any new or modified tests. Please justify why no new tests
are needed for this patch. Also please list what manual steps were performed to verify this
patch. {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 27s {color} | {color:blue}
Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 4m 11s {color}
| {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 10s {color} |
{color:green} master passed with JDK v1.8.0 {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 52s {color} |
{color:green} master passed with JDK v1.7.0_79 {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 12s {color}
| {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 34s {color}
| {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 24s {color} |
{color:green} master passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 57s {color} |
{color:green} master passed with JDK v1.8.0 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 39s {color} |
{color:green} master passed with JDK v1.7.0_79 {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 14s {color} | {color:blue}
Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 46s {color}
| {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 55s {color} |
{color:green} the patch passed with JDK v1.8.0 {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 55s {color} | {color:green}
the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 40s {color} |
{color:green} the patch passed with JDK v1.7.0_79 {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 40s {color} | {color:green}
the patch passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 4s {color}
| {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 30s {color}
| {color:green} the patch passed {color} |
| {color:red}-1{color} | {color:red} whitespace {color} | {color:red} 0m 0s {color} | {color:red}
The patch has 1 line(s) that end in whitespace. Use git apply --whitespace=fix. {color} |
| {color:green}+1{color} | {color:green} hadoopcheck {color} | {color:green} 12m 2s {color}
| {color:green} Patch does not cause any errors with Hadoop 2.4.1 2.5.2 2.6.0. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 40s {color} |
{color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 54s {color} |
{color:green} the patch passed with JDK v1.8.0 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 36s {color} |
{color:green} the patch passed with JDK v1.7.0_79 {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 1m 15s {color} | {color:green}
hbase-client in the patch passed. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 0m 22s {color} | {color:green}
hbase-shell in the patch passed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 20s {color}
| {color:green} Patch does not generate ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black} 33m 29s {color} | {color:black}
{color} |
\\
\\
|| Subsystem || Report/Notes ||
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12804870/HBASE-14818-master-v3.patch
|
| JIRA Issue | HBASE-14818 |
| Optional Tests |  asflicense  javac  javadoc  unit  findbugs  hadoopcheck  hbaseanti  checkstyle
 compile  rubocop  ruby_lint  |
| uname | Linux proserpina.apache.org 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep
3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/test_framework/yetus-0.2.1/lib/precommit/personality/hbase.sh
|
| git revision | master / a050e1d |
| Default Java | 1.7.0_79 |
| Multi-JDK versions |  /home/jenkins/tools/java/jdk1.8.0:1.8.0 /usr/local/jenkins/java/jdk1.7.0_79:1.7.0_79
|
| findbugs | v3.0.0 |
| whitespace | https://builds.apache.org/job/PreCommit-HBASE-Build/1966/artifact/patchprocess/whitespace-eol.txt
|
|  Test Results | https://builds.apache.org/job/PreCommit-HBASE-Build/1966/testReport/ |
| modules | C: hbase-client hbase-shell U: . |
| Console output | https://builds.apache.org/job/PreCommit-HBASE-Build/1966/console |
| Powered by | Apache Yetus 0.2.1   http://yetus.apache.org |


This message was automatically generated.



> user_permission does not list namespace permissions
> ---------------------------------------------------
>
>                 Key: HBASE-14818
>                 URL: https://issues.apache.org/jira/browse/HBASE-14818
>             Project: HBase
>          Issue Type: Bug
>          Components: hbase
>    Affects Versions: 1.2.0
>            Reporter: Steven Hancz
>            Assignee: li xiang
>            Priority: Minor
>             Fix For: master
>
>         Attachments: HBASE-14818-master-v3.patch, HBASE-14818-v0.patch, HBASE-14818-v1.patch,
HBASE-14818-v2.patch
>
>
> The user_permission command does not list namespace permissions:
> For example: if I create a new namespace or use an existing namespace and grant a user
privileges to that namespace, the command user_permission does not list it. The permission
is visible in the acl table.
> Example:
> hbase(main):005:0>  create_namespace 'ns3'
> 0 row(s) in 0.1640 seconds
> hbase(main):007:0> grant 'test_user','RWXAC','@ns3'
> 0 row(s) in 0.5680 seconds
> hbase(main):008:0> user_permission '.*'
> User                               Namespace,Table,Family,Qualifier:Permission      
                                                 
>  sh82993                           finance,finance:emp,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
                         
>  @hbaseglobaldba                   hbase,hbase:acl,,: [Permission: actions=EXEC,CREATE,ADMIN]
                                        
>  @hbaseglobaloper                  hbase,hbase:acl,,: [Permission: actions=EXEC,ADMIN]
                                               
>  hdfs                              hbase,hbase:acl,,: [Permission: actions=READ,WRITE,CREATE,ADMIN,EXEC]
                             
>  sh82993                           ns1,ns1:tbl1,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
                                
>  ns1admin                          ns1,ns1:tbl2,,: [Permission: actions=EXEC,CREATE,ADMIN]
                                           
>  @hbaseappltest_ns1funct           ns1,ns1:tbl2,,: [Permission: actions=READ,WRITE,EXEC]
                                             
>  ns1funct                          ns1,ns1:tbl2,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
                                
>  hbase                             ns2,ns2:tbl1,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
                                
> 9 row(s) in 1.8090 seconds
> As you can see user test_user does not appear in the output, but we can see the permission
in the ACL table. 
> hbase(main):001:0>  scan 'hbase:acl'
> ROW                                COLUMN+CELL                                      
                                                 
>  @finance                          column=l:sh82993, timestamp=1444405519510, value=RWXCA
                                            
>  @gcbcppdn                         column=l:hdfs, timestamp=1446141119602, value=RWCXA
                                               
>  @hbase                            column=l:hdfs, timestamp=1446141485136, value=RWCAX
                                               
>  @ns1                              column=l:@hbaseappltest_ns1admin, timestamp=1447437007467,
value=RWXCA                             
>  @ns1                              column=l:@hbaseappltest_ns1funct, timestamp=1447427366835,
value=RWX                               
>  @ns2                              column=l:@hbaseappltest_ns2admin, timestamp=1446674470456,
value=XCA                               
>  @ns2                              column=l:test_user, timestamp=1447692840030, value=RWAC
                                           
>  @ns3                              column=l:test_user, timestamp=1447692860434, value=RWXAC
                                          
>  finance:emp                       column=l:sh82993, timestamp=1444407723316, value=RWXCA
                                            
>  hbase:acl                         column=l:@hbaseglobaldba, timestamp=1446590375370,
value=XCA                                       
>  hbase:acl                         column=l:@hbaseglobaloper, timestamp=1446590387965,
value=XA                                       
>  hbase:acl                         column=l:hdfs, timestamp=1446141737213, value=RWCAX
                                               
>  ns1:tbl1                          column=l:sh82993, timestamp=1446674153058, value=RWXCA
                                            
>  ns1:tbl2                          column=l:@hbaseappltest_ns1funct, timestamp=1447183824580,
value=RWX                               
>  ns1:tbl2                          column=l:ns1admin, timestamp=1447183766370, value=XCA
                                             
>  ns1:tbl2                          column=l:ns1funct, timestamp=1447184077545, value=RWXCA
                                           
>  ns2:tbl1                          column=l:hbase, timestamp=1447182228314, value=RWXCA
                                              
> 11 row(s) in 0.4990 seconds
> It would be nice to be able to see namespace permissions via the user_permission '.*'
command as scanning the acl table is not the recommended way to view object permissions. Especially
if one is looking to access base via a shell and collect ACL information.
> Steven



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message