hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matteo Bertozzi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-16724) Snapshot owner can't clone
Date Wed, 28 Sep 2016 14:47:20 GMT

    [ https://issues.apache.org/jira/browse/HBASE-16724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15529879#comment-15529879
] 

Matteo Bertozzi commented on HBASE-16724:
-----------------------------------------

right, missed that part where we drop the acl for the table.
in theory the requirePermission for the table will check table -> NS -> global. which
may be better, but still not the behavior you want probably.

maybe we can just do like delete snapshot and bypass the check if owner && tableName
matches
{code}
if (SnapshotDescriptionUtils.isSnapshotOwner(snapshot, user) && htd.getTableName().equals(snapshot.getTable()))
{
      // Snapshot owner is allowed to create a table with the same name as the snapshot he
took
      AuthResult result = AuthResult.allow("cloneSnapshot " + snapshot.getName(),
          "Snapshot owner check allowed", user, null, null, null); // TODO add htd/table name...
      logResult(result);
    } else {
      requirePermission(user, "cloneSnapshot " + snapshot.getName(), Action.ADMIN);
    }
{code}

> Snapshot owner can't clone
> --------------------------
>
>                 Key: HBASE-16724
>                 URL: https://issues.apache.org/jira/browse/HBASE-16724
>             Project: HBase
>          Issue Type: Bug
>          Components: snapshots
>    Affects Versions: 2.0.0
>            Reporter: Pankaj Kumar
>            Assignee: Pankaj Kumar
>
> Currently only Global admin has the access of cloning a snapshot.
> In AccessController,
> {code}
>   @Override
>   public void preCloneSnapshot(final ObserverContext<MasterCoprocessorEnvironment>
ctx,
>       final SnapshotDescription snapshot, final HTableDescriptor hTableDescriptor)
>       throws IOException {
>     requirePermission(getActiveUser(ctx), "cloneSnapshot " + snapshot.getName(), Action.ADMIN);
>   }
> {code}
> Snapshot owner should be able to  clone it, need to add a check like,
> {code}
> SnapshotDescriptionUtils.isSnapshotOwner(snapshot, user)
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message