[
https://issues.apache.org/jira/browse/HBASE-11886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14120396#comment-14120396
]
Devaraj Das commented on HBASE-11886:
-------------------------------------
Using the user from RequestContext sounds fine.
I am not so sure about the InheritableThreadLocal though. Since the master does
HDFS operations when operations like createTable are called, it might be an
issue, no? What I did changes the identity only for postCreateTableHandler but
the other operations done as part of the createTable call is executed as the
master's identity.
> The creator of the table should have all permissions on the table
> -----------------------------------------------------------------
>
> Key: HBASE-11886
> URL: https://issues.apache.org/jira/browse/HBASE-11886
> Project: HBase
> Issue Type: Bug
> Affects Versions: 0.98.3
> Reporter: Devaraj Das
> Assignee: Devaraj Das
> Priority: Critical
> Fix For: 0.99.0, 2.0.0, 0.98.6
>
> Attachments: 11886-1.txt
>
>
> In our testing of 0.98.4 with security ON, we found that table creator
> doesn't have RWXCA on the created table. Instead, the user representing the
> HBase daemon gets all permissions. Due to this the table creator can't write
> to the table he just created. I am suspecting HBASE-11275 introduced the
> problem.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
