[
https://issues.apache.org/jira/browse/HBASE-12098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14149035#comment-14149035
]
Kashif J S commented on HBASE-12098:
------------------------------------
bq. It seems that the issue existed even in 0.98.1 release. Attaching the patch.
I am using 0.98.5. I tried to reproduce the issue but I cannot get it. I
performed below steps in a secure cluster
1> Logged in as HBase root user and created namespace with root user.
create_namespace 'myns1'
grant 'kashif', 'RWXCA' // kashif is other user. Different from
master/regionserver
2> Log in as kashif(client) and tried to create a new table
create 'myns1:mytable', 'f' // It was successful
Currently in 0.98.5 version, I do not see namespace level permission support
from hbase shell.
Is it supported in trunk or am i missing something ?
> User granted namespace table create permissions can't create a table
> --------------------------------------------------------------------
>
> Key: HBASE-12098
> URL: https://issues.apache.org/jira/browse/HBASE-12098
> Project: HBase
> Issue Type: Bug
> Components: Client, security
> Affects Versions: 0.98.6
> Reporter: Dima Spivak
> Assignee: Srikanth Srungarapu
> Priority: Critical
> Fix For: 2.0.0, 0.98.7, 0.99.1
>
> Attachments: 12098-master.txt, HBASE-12098.patch,
> HBASE-12098_master_v2.patch
>
>
> From the HBase shell and Java API, I am seeing
> {code}ERROR: org.apache.hadoop.hbase.security.AccessDeniedException:
> Insufficient permissions for user 'dima' (global, action=CREATE){code}
> when I try to create a table in a namespace to which I have been granted
> RWXCA permissions by a global admin. Interestingly enough, this only seems to
> extend to table creation; the same user is then allowed to disable and drop a
> table created by a global admin in that namespace.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
