Repository: hbase Updated Branches: refs/heads/master df238346d -> 01bc979ea
HBASE-13239 HBase grant at specific column level does not work for Groups Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/01bc979e Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/01bc979e Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/01bc979e Branch: refs/heads/master Commit: 01bc979ea29e9282786de13c1cb8cbc107e92e9f Parents: df23834 Author: tedyu <[email protected]> Authored: Sat Mar 14 20:21:37 2015 -0700 Committer: tedyu <[email protected]> Committed: Sat Mar 14 20:21:37 2015 -0700 ---------------------------------------------------------------------- .../hbase/security/access/TableAuthManager.java | 24 +++++++++++++++----- 1 file changed, 18 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/01bc979e/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java ----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
index 6ca40e6..e73b23c 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
@@ -295,7 +295,7 @@ public class TableAuthManager {
 }
 }
 } else if (LOG.isDebugEnabled()) {
- LOG.debug("No permissions found");
+ LOG.debug("No permissions found for " + action);
 }
 return false;
 
@@ -488,20 +488,26 @@ public class TableAuthManager { * permissions. */ public boolean authorizeGroup(String groupName, Permission.Action action) { - return authorize(globalCache.getGroup(groupName), action); + List<Permission> perms = globalCache.getGroup(groupName); + if (LOG.isDebugEnabled()) { + LOG.debug("authorizing " + (perms != null && !perms.isEmpty() ? perms.get(0) : "") + + " for " + action); + } + return authorize(perms, action); } /** - * Checks authorization to a given table and column family for a group, based + * Checks authorization to a given table, column family and column for a group, based * on the stored permissions. * @param groupName * @param table * @param family + * @param qualifier * @param action * @return true if known and authorized, false otherwise */ public boolean authorizeGroup(String groupName, TableName table, byte[] family, - Permission.Action action) { + byte[] qualifier, Permission.Action action) { // Global authorization supercedes table level if (authorizeGroup(groupName, action)) { return true; @@ -513,7 +519,13 @@ public class TableAuthManager { return true; } // Check table level - return authorize(getTablePermissions(table).getGroup(groupName), table, family, action); + List<TablePermission> tblPerms = getTablePermissions(table).getGroup(groupName); + if (LOG.isDebugEnabled()) { + LOG.debug("authorizing " + (tblPerms != null && !tblPerms.isEmpty() ? tblPerms.get(0) : "") + + " for " +groupName + " on " + table + "." + Bytes.toString(family) + "." + + Bytes.toString(qualifier) + " with " + action); + } + return authorize(tblPerms, table, family, qualifier, action); } /** @@ -548,7 +560,7 @@ public class TableAuthManager { String[] groups = user.getGroupNames(); if (groups != null) { for (String group : groups) { - if (authorizeGroup(group, table, family, action)) { + if (authorizeGroup(group, table, family, qualifier, action)) { return true; } }
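Review bot: The debug line added to `authorizeGroup(String, Permission.Action)` prints only `perms.get(0)` and leaves out `groupName`, so for a group holding several grants the entry names a permission that may have nothing to do with the decision and cannot be tied to a group. Logging the group and the size of the list is more useful when tracing an access decision, e.g. `LOG.debug("authorizing group " + groupName + " for " + action + " against " + (perms == null ? 0 : perms.size()) + " global permission(s)");`. The table-level debug line added in the `@@ -513,7 +519,13 @@` hunk uses the same first-element pattern. The five-argument `authorizeGroup` whose signature changes here continues past the end of this hunk.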
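Review bot: `Bytes.toString(family)` and `Bytes.toString(qualifier)` in the added debug message decode the raw bytes as text, so a family or qualifier holding control characters or line breaks (both presumably originate from the client request) reaches the log unescaped. `Bytes.toStringBinary(...)` escapes non-printable bytes and is the safer form for log output: `"." + Bytes.toStringBinary(family) + "." + Bytes.toStringBinary(qualifier)`. The missing space in `" for " +groupName` is a small style nit on the same statement. The method this hunk edits begins before the hunk.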
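Review bot: No test accompanies the switch to qualifier-level group checks at this call site; the diffstat lists only TableAuthManager.java. For an authorization change a regression test should cover both directions: a user whose group is granted the action on one qualifier is authorized for that qualifier, and is still denied for a different qualifier in the same family. The second case matters most, since it is what guards against the fix widening access. The enclosing method starts and ends outside this hunk.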
