[
https://issues.apache.org/jira/browse/HBASE-12348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14242063#comment-14242063
]
Andrew Purtell commented on HBASE-12348:
----------------------------------------
Applied the v3 patch. Doesn't work on 0.98:
{noformat}
Running org.apache.hadoop.hbase.security.access.TestAccessController
Tests run: 51, Failures: 1, Errors: 2, Skipped: 0, Time elapsed: 118.727 sec
<<< FAILURE! - in org.apache.hadoop.hbase.security.access.TestAccessController
testAccessControlClientUserPerms(org.apache.hadoop.hbase.security.access.TestAccessController)
Time elapsed: 1.516 sec <<< ERROR!
java.lang.NullPointerException: null
at
org.apache.hadoop.hbase.security.access.TestAccessController.testAccessControlClientUserPerms(TestAccessController.java:2356)
testAccessControllerUserPermsRegexHandling(org.apache.hadoop.hbase.security.access.TestAccessController)
Time elapsed: 3.449 sec <<< FAILURE!
java.lang.AssertionError: expected:<1> but was:<0>
at org.junit.Assert.fail(Assert.java:88)
at org.junit.Assert.failNotEquals(Assert.java:743)
at org.junit.Assert.assertEquals(Assert.java:118)
at org.junit.Assert.assertEquals(Assert.java:555)
at org.junit.Assert.assertEquals(Assert.java:542)
at
org.apache.hadoop.hbase.security.access.TestAccessController.testAccessControllerUserPermsRegexHandling(TestAccessController.java:2394)
testGetNamespacePermission(org.apache.hadoop.hbase.security.access.TestAccessController)
Time elapsed: 1.203 sec <<< ERROR!
org.apache.hadoop.hbase.NamespaceExistException: testNamespace
at
org.apache.hadoop.hbase.master.TableNamespaceManager.create(TableNamespaceManager.java:149)
at
org.apache.hadoop.hbase.master.TableNamespaceManager.create(TableNamespaceManager.java:124)
at
org.apache.hadoop.hbase.master.HMaster.createNamespace(HMaster.java:3378)
at
org.apache.hadoop.hbase.security.access.TestAccessController.testGetNamespacePermission(TestAccessController.java:2303)
Results :
Failed tests:
TestAccessController.testAccessControllerUserPermsRegexHandling:2394
expected:<1> but was:<0>
Tests in error:
TestAccessController.testAccessControlClientUserPerms:2356 NullPointer
TestAccessController.testGetNamespacePermission:2303 ยป NamespaceExist
testName..
{noformat}
> preModifyColumn and preDeleteColumn in AC denies user to perform its
> operation though it has required rights
> ------------------------------------------------------------------------------------------------------------
>
> Key: HBASE-12348
> URL: https://issues.apache.org/jira/browse/HBASE-12348
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 0.98.5
> Reporter: Ashish Singhi
> Assignee: Ashish Singhi
> Fix For: 1.0.0, 2.0.0, 0.98.10
>
> Attachments: HBASE-12348-v1.patch, HBASE-12348-v3.patch,
> HBASE-12348.patch
>
>
> A user with ADMIN and CREATE rights {{only on the column family}} is denied
> from performing DeleteColumn and ModifyColumn operations on the table.
> also
> Family name can be added in audit log for addColumn
> {noformat}
> alter 't', 'd2'
> 2014-10-27 20:44:45,635 TRACE
> SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController:
> Access allowed for user ashish; reason: Table permission granted; remote
> address: /10.18.40.106; request: addColumn; context: (user=ashish, scope=t,
> family=, action=ADMIN)
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
