[jira] [Resolved] (HBASE-11300) Wrong permission check for checkAndPut in AccessController

Ted Yu (JIRA) Tue, 10 Jun 2014 07:48:29 -0700

     [ 
https://issues.apache.org/jira/browse/HBASE-11300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ted Yu resolved HBASE-11300.
----------------------------

    Resolution: Invalid

> Wrong permission check for checkAndPut in AccessController
> ----------------------------------------------------------
>
>                 Key: HBASE-11300
>                 URL: https://issues.apache.org/jira/browse/HBASE-11300
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.99.0
>            Reporter: Liu Shaohui
>            Assignee: Liu Shaohui
>            Priority: Minor
>
> For the checkAndPut operation, the AccessController only checks the read and 
> write permission for the family and qualifier to check, but ignores the write 
> permission for the family map of "put". What's more,  we don't need the write 
> permission for the family and qualifier to check.
> See the code AccessController.java #1538
> {code}
>     Map<byte[],? extends Collection<byte[]>> families = makeFamilyMap(family, 
> qualifier);
>     User user = getActiveUser();
>     AuthResult authResult = permissionGranted(OpType.CHECK_AND_PUT, user, 
> env, families,
>       Action.READ, Action.WRITE);
> {code}
> Same problem for checkAndDelete operation.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Resolved] (HBASE-11300) Wrong permission check for checkAndPut in AccessController

Reply via email to