hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashish Singhi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-16724) Snapshot owner can't clone
Date Wed, 28 Sep 2016 14:40:20 GMT

    [ https://issues.apache.org/jira/browse/HBASE-16724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15529851#comment-15529851
] 

Ashish Singhi commented on HBASE-16724:
---------------------------------------

bq. what if we change cloneSnapshot to check for table admin?
But like I mentioned in my previous comment the table for which snapshot was taken is deleted
in step 2 hence there will be no entry for this table in acl table and it will not be able
to get any permission for this table, so we cannot check for that. 
I think namespace admin is required. Am I correct ?

{quote}
{code}
requirePermission(getActiveUser(ctx), "cloneSnapshot " + snapshot.getName(), 
      hTableDescriptor.getTableName(), null, null,
      Permission.Action.ADMIN);
{code}
{quote}
This change will still work as it internally also checks whether the user has namespace admin
permission.

> Snapshot owner can't clone
> --------------------------
>
>                 Key: HBASE-16724
>                 URL: https://issues.apache.org/jira/browse/HBASE-16724
>             Project: HBase
>          Issue Type: Bug
>          Components: snapshots
>    Affects Versions: 2.0.0
>            Reporter: Pankaj Kumar
>            Assignee: Pankaj Kumar
>
> Currently only Global admin has the access of cloning a snapshot.
> In AccessController,
> {code}
>   @Override
>   public void preCloneSnapshot(final ObserverContext<MasterCoprocessorEnvironment>
ctx,
>       final SnapshotDescription snapshot, final HTableDescriptor hTableDescriptor)
>       throws IOException {
>     requirePermission(getActiveUser(ctx), "cloneSnapshot " + snapshot.getName(), Action.ADMIN);
>   }
> {code}
> Snapshot owner should be able to  clone it, need to add a check like,
> {code}
> SnapshotDescriptionUtils.isSnapshotOwner(snapshot, user)
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message