[jira] [Created] (HBASE-15873) ACL for snapshot restore is not enforced

[Ted Yu (JIRA)]

Ted Yu created HBASE-15873:
------------------------------

             Summary: ACL for snapshot restore is not enforced
                 Key: HBASE-15873
                 URL: https://issues.apache.org/jira/browse/HBASE-15873
             Project: HBase
          Issue Type: Bug
    Affects Versions: 1.1.0
            Reporter: Ted Yu
            Assignee: Ted Yu
            Priority: Critical


[~romil.choksi] reported that snapshot owner couldn't restore snapshot on hbase 
1.1
We saw the following in master log:
{code}
2016-05-20 00:22:17,186 DEBUG 
[B.defaultRpcServer.handler=23,queue=2,port=20000] ipc.RpcServer: 
B.defaultRpcServer.handler=23,queue=2,port=20000: callId: 15 service:           
  MasterService methodName: RestoreSnapshot size: 70 connection: x.y:56508
org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient 
permissions for user 'hrt_1' (global, action=ADMIN)
  at 
org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:536)
  at 
org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:512)
  at 
org.apache.hadoop.hbase.security.access.AccessController.preRestoreSnapshot(AccessController.java:1327)
  at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost$73.call(MasterCoprocessorHost.java:881)
  at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1146)
  at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.preRestoreSnapshot(MasterCoprocessorHost.java:877)
  at 
org.apache.hadoop.hbase.master.snapshot.SnapshotManager.restoreSnapshot(SnapshotManager.java:726)
{code}
After adding some debug information, it turned out that the (request) 
SnapshotDescription passed to the method doesn't have owner set.

This problem doesn't exist in master branch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)