hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashish Singhi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-18437) Revoke access permissions of a user from a table does not work as expected
Date Tue, 08 Aug 2017 02:33:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-18437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16117755#comment-16117755
] 

Ashish Singhi commented on HBASE-18437:
---------------------------------------

bq. The permsList is obtained for this user and why again user check? Sorry not getting. Or
u have to check the table details?
The permlist is obtained for acl table, the row key in acl table is the tablename, it will
return all the global user names.
Below is the acl table scan output for better understanding,
{noformat}
hbase(main):011:0> scan 'hbase:acl'
ROW                                                          COLUMN+CELL
 hbase:acl                                                   column=l:ashish, timestamp=1502156949293,
value=RWXCA
 hbase:acl                                                   column=l:singhi, timestamp=1502159481193,
value=RW
 t1                                                          column=l:hbase, timestamp=1501849980130,
value=RWXCA
 t12                                                         column=l:hbase, timestamp=1502156979137,
value=RWXCA
3 row(s) in 0.0140 seconds
{noformat}

> Revoke access permissions of a user from a table does not work as expected
> --------------------------------------------------------------------------
>
>                 Key: HBASE-18437
>                 URL: https://issues.apache.org/jira/browse/HBASE-18437
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.1.12
>            Reporter: Ashish Singhi
>            Assignee: Ashish Singhi
>         Attachments: HBASE-18437.patch
>
>
> A table for which a user was granted 'RW' permission. Now when we want to revoke its
'W' permission only, code removes the user itself from that table permissions.
> Below is the test code which reproduces the issue.
> {noformat}
> @Test(timeout = 180000)
>   public void testRevokeOnlySomePerms() throws Throwable {
>     TableName name = TableName.valueOf("testAgain");
>     HTableDescriptor htd = new HTableDescriptor(name);
>     HColumnDescriptor hcd = new HColumnDescriptor("cf");
>     htd.addFamily(hcd);
>     createTable(TEST_UTIL, htd);
>     TEST_UTIL.waitUntilAllRegionsAssigned(name);
>     try (Connection conn = ConnectionFactory.createConnection(conf)) {
>       AccessControlClient.grant(conn, name, USER_RO.getShortName(), null, null, Action.READ,
Action.WRITE);
>       ListMultimap<String, TablePermission> tablePermissions = AccessControlLists.getTablePermissions(conf,
name);
>       // hbase user and USER_RO has permis
>       assertEquals(2, tablePermissions.size());
>       AccessControlClient.revoke(conn, name, USER_RO.getShortName(), null, null, Action.WRITE);
>       tablePermissions = AccessControlLists.getTablePermissions(conf, name);
>       List<TablePermission> userPerm = tablePermissions.get(USER_RO.getShortName());
>       assertEquals(1, userPerm.size());
>     } finally {
>       deleteTable(TEST_UTIL, name);
>     }
>   }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message