[
https://issues.apache.org/jira/browse/HBASE-11300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14019573#comment-14019573
]
ramkrishna.s.vasudevan commented on HBASE-11300:
------------------------------------------------
I think it makes sense to see if the family map on 'put' has write permission.
> Wrong permission check for checkAndPut in AccessController
> ----------------------------------------------------------
>
> Key: HBASE-11300
> URL: https://issues.apache.org/jira/browse/HBASE-11300
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 0.99.0
> Reporter: Liu Shaohui
> Assignee: Liu Shaohui
> Priority: Minor
>
> For the checkAndPut operation, the AccessController only checks the read and
> write permission for the family and qualifier to check, but ignores the write
> permission for the family map of "put". What's more, we don't need the write
> permission for the family and qualifier to check.
> See the code AccessController.java #1538
> {code}
> Map<byte[],? extends Collection<byte[]>> families = makeFamilyMap(family,
> qualifier);
> User user = getActiveUser();
> AuthResult authResult = permissionGranted(OpType.CHECK_AND_PUT, user,
> env, families,
> Action.READ, Action.WRITE);
> {code}
> Same problem for checkAndDelete operation.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
