Liu Shaohui created HBASE-11300:
-----------------------------------
Summary: Wrong permission check for checkAndPut in AccessController
Key: HBASE-11300
URL: https://issues.apache.org/jira/browse/HBASE-11300
Project: HBase
Issue Type: Bug
Components: security
Affects Versions: 0.99.0
Reporter: Liu Shaohui
Assignee: Liu Shaohui
Priority: Minor
For the checkAndPut operation, the AccessController only checks the read and
write permission for the family and qualifier to check, but ignores the write
permission for the family map of "put". What's more, we don't need the write
permission for the family and qualifier to check.
See the code AccessController.java #1538
{code}
Map<byte[],? extends Collection<byte[]>> families = makeFamilyMap(family,
qualifier);
User user = getActiveUser();
AuthResult authResult = permissionGranted(OpType.CHECK_AND_PUT, user, env,
families,
Action.READ, Action.WRITE);
{code}
Same problem for checkAndDelete operation.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
