[jira] [Commented] (HBASE-13241) Add tests for group level grants

Sun, 15 Mar 2015 00:07:17 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-13241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14362263#comment-14362263
 ] 

Ashish Singhi commented on HBASE-13241:
---------------------------------------

bq. Per my understanding, what the following statement does is it tries to 
check whether the users SUPERUSER, USER1_TESTGROUP_TABLE, USER2_TESTGROUP_TABLE 
were able to perform grantActionAtTableLevel action which is granting 
permissions to group. Please try looking at 
TestAccessController#testGrantRevoke for more background. So, my guess we don't 
need these statements as we're concerned about whether scan works for the users 
having proper actions.
*TestAccessController#testGrantRevoke* is granting permission to a user and 
testing for that user.
Where as *TestAccessControllerWithGroups#testGrantAtTableLevel* is granting 
permission to a group and testing for the users in that group. I did not find 
any test case for that and is this what the jira description says to test group 
level grants and this at table level.
Or is there any already existing test case where we grant permission to a group 
and test for the required permissions for the user in that group ?

bq. My suggestion is instead of adding a new test class which spins up a new 
cluster, we can make use of existing 
TestAccessController#testPostGrantRevokeAtQualifierLevel by adding new groups 
with users in them and add them to verifyAllowed, verifyDenied appropriately. 
What do you think?
*TestAccessController* is already a heavy test class having 57 test cases. So I 
thought of making a new one in which we can try to cover all the operation 
applicable for group level like revoke and e.t.c. For now its only for grant as 
per the jira scope.

> Add tests for group level grants
> --------------------------------
>
>                 Key: HBASE-13241
>                 URL: https://issues.apache.org/jira/browse/HBASE-13241
>             Project: HBase
>          Issue Type: Improvement
>          Components: security, test
>            Reporter: Sean Busbey
>            Assignee: Ashish Singhi
>            Priority: Critical
>         Attachments: HBASE-13241-v1.patch, HBASE-13241-v2.patch, 
> HBASE-13241.patch
>
>
> We need to have tests for group-level grants for various scopes. ref: 
> HBASE-13239



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to