[jira] [Comment Edited] (HBASE-13239) Hbase grants at specific column level does not work for Groups

[Ted Yu (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HBASE-13239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14361408#comment-14361408
 ] 

Ted Yu edited comment on HBASE-13239 at 3/14/15 12:40 AM:
----------------------------------------------------------

Also confirmed that permission granting based on family still works:
{code}
hbase(main):001:0> user_permission 'IntegrationTestIngest'
User                                          Table,Family,Qualifier:Permission
 @users                                       IntegrationTestIngest,test_cf,: 
[Permission: actions=READ]
 hbase                                        IntegrationTestIngest,,: 
[Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
...
[root@ty-sec-1-3 ~]# su - hrt_2
[hrt_2@ty-sec-1-3 ~]$ hbase shell
2015-03-13 23:50:41,438 INFO  [main] Configuration.deprecation: 
hadoop.native.lib is deprecated. Instead, use io.native.lib.available
HBase Shell; enter 'help<RETURN>' for list of supported commands.
Type "exit<RETURN>" to leave the HBase Shell
Version 0.98.4.2.2.2.0-2606-hadoop2, r82b3ef1436f1e5d35fa56a3ced1088e5308dd84f, 
Thu Mar 12 20:38:30 EDT 2015

hbase(main):001:0> count 'IntegrationTestIngest'
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in 
[jar:file:/grid/0/hdp/2.2.2.0-2606/hadoop/lib/slf4j-log4j12-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in 
[jar:file:/grid/0/hdp/2.2.2.0-2606/zookeeper/lib/slf4j-log4j12-1.6.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
Current count: 1000, row: 017e3cdfbb52cd9828ec3136354c54b2-49287
Current count: 2000, row: 02ff1fa35bacc1643287baab70d1ce52-121729
Current count: 3000, row: 04851359d83c573e1b9bd3c5b1633618-106751
Current count: 4000, row: 0600480d533e3f41ce2e6e77415aa54e-134553
{code}


was (Author: yuzhih...@gmail.com):
Also confirmed that permission granting based family still works:
{code}
hbase(main):001:0> user_permission 'IntegrationTestIngest'
User                                          Table,Family,Qualifier:Permission
 @users                                       IntegrationTestIngest,test_cf,: 
[Permission: actions=READ]
 hbase                                        IntegrationTestIngest,,: 
[Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
...
[root@ty-sec-1-3 ~]# su - hrt_2
[hrt_2@ty-sec-1-3 ~]$ hbase shell
2015-03-13 23:50:41,438 INFO  [main] Configuration.deprecation: 
hadoop.native.lib is deprecated. Instead, use io.native.lib.available
HBase Shell; enter 'help<RETURN>' for list of supported commands.
Type "exit<RETURN>" to leave the HBase Shell
Version 0.98.4.2.2.2.0-2606-hadoop2, r82b3ef1436f1e5d35fa56a3ced1088e5308dd84f, 
Thu Mar 12 20:38:30 EDT 2015

hbase(main):001:0> count 'IntegrationTestIngest'
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in 
[jar:file:/grid/0/hdp/2.2.2.0-2606/hadoop/lib/slf4j-log4j12-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in 
[jar:file:/grid/0/hdp/2.2.2.0-2606/zookeeper/lib/slf4j-log4j12-1.6.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
Current count: 1000, row: 017e3cdfbb52cd9828ec3136354c54b2-49287
Current count: 2000, row: 02ff1fa35bacc1643287baab70d1ce52-121729
Current count: 3000, row: 04851359d83c573e1b9bd3c5b1633618-106751
Current count: 4000, row: 0600480d533e3f41ce2e6e77415aa54e-134553
{code}

>  Hbase grants at specific column level does not work for Groups 
> ----------------------------------------------------------------
>
>                 Key: HBASE-13239
>                 URL: https://issues.apache.org/jira/browse/HBASE-13239
>             Project: HBase
>          Issue Type: Bug
>          Components: hbase
>    Affects Versions: 0.98.4
>            Reporter: Jaymin Patel
>            Assignee: Ted Yu
>             Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.12
>
>         Attachments: 13239-v1.txt
>
>
> While performing Grant command to a specific column in a table - to a 
> specific group does not produce needed results. However, when specific user 
> is mentioned (instead of group name) in grant command, it becomes effective
> Steps to Reproduce : 
> 1) using super-user, Grant a table/column family/column level grant to a group
> 2) login using a user ( part of the above group) and scan the table. It does 
> not return any results
> 3) using super-user, Grant a table/column family/column level grant to a 
> specific user ( instead of group) 
> 4) login using that specific user and scan the table. It produces correct 
> results, i.e. provides only the column where user has select privileges



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)