[jira] [Commented] (HBASE-12348) preModifyColumn and preDeleteColumn in AC denies user to perform its operation though it has required rights

[Ashish Singhi (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HBASE-12348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14242206#comment-14242206
 ] 

Ashish Singhi commented on HBASE-12348:
---------------------------------------

Hi [~andrew.purt...@gmail.com]
When I run the tests locally it passes all the time with the patch. 
{quote} Running org.apache.hadoop.hbase.security.access.TestAccessController
Tests run: 51, Failures: 1, Errors: 2, Skipped: 0, Time elapsed: 118.727{quote}
https://github.com/apache/hbase/blob/0.98.9RC0/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java,
 here there are only 49 tests. But I see 51 tests in your case.

{quote} TestAccessController.testAccessControllerUserPermsRegexHandling:2394 
expected:<1> but was:<0>
TestAccessController.testAccessControlClientUserPerms:2356 NullPointer{quote}
I don't see the above tests in TestAccessController class. 

bq. TestAccessController.testGetNamespacePermission:2303 » NamespaceExist 
testName..
It is passing locally every time and I am very much sure I haven't made any 
modification in the code related  to that.

I am not sure what I am missing! Anyways I have attached a 0.98 version patch.
Sorry for bothering you again.

> preModifyColumn and preDeleteColumn in AC denies user to perform its 
> operation though it has required rights
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-12348
>                 URL: https://issues.apache.org/jira/browse/HBASE-12348
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.98.5
>            Reporter: Ashish Singhi
>            Assignee: Ashish Singhi
>             Fix For: 1.0.0, 2.0.0, 0.98.10
>
>         Attachments: HBASE-12348-0.98.patch, HBASE-12348-v1.patch, 
> HBASE-12348-v3.patch, HBASE-12348.patch
>
>
> A user with ADMIN and CREATE rights {{only on the column family}} is denied 
> from performing DeleteColumn and ModifyColumn operations on the table.
> also 
> Family name can be added in audit log for addColumn
> {noformat}
> alter 't', 'd2'
> 2014-10-27 20:44:45,635 TRACE 
> SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController: 
> Access allowed for user ashish; reason: Table permission granted; remote 
> address: /10.18.40.106; request: addColumn; context: (user=ashish, scope=t, 
> family=, action=ADMIN)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)