[
https://issues.apache.org/jira/browse/HBASE-13241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14365269#comment-14365269
]
Srikanth Srungarapu commented on HBASE-13241:
---------------------------------------------
[~ashish singhi] Thanks for so much for taking care of adding coverage for
groups, which is a missing piece in the security testing. I'm desperate to give
+1 on this as you can see from our offline communication. Had a little chat
with [~mbertozzi] on v4, and I'm afraid that I couldn't let this pass through.
* Please avoid checking whether grants are possible and verification of the
scans in one test.
* Please avoid doing things like USER1_TESTGROUP_TABLE.runAs. As you can see
from the existing testing infrastructure, we generally create an action and use
it with verifyAllowed and verifyDenied.
* In short, as already suggested, I'm looking for something similar to
TestAccessController#testGrantRevoke for verifying whether groups belonging to
proper groups can grant and
TestAccessController#testPostGrantRevokeAtQualifierLevel for verifying whether
scans work assuming grants were already involved.
* But if you have something in mind about why we can't do this, please let us
know.
> Add tests for group level grants
> --------------------------------
>
> Key: HBASE-13241
> URL: https://issues.apache.org/jira/browse/HBASE-13241
> Project: HBase
> Issue Type: Improvement
> Components: security, test
> Reporter: Sean Busbey
> Assignee: Ashish Singhi
> Priority: Critical
> Attachments: HBASE-13241-v1.patch, HBASE-13241-v2.patch,
> HBASE-13241-v3.patch, HBASE-13241-v4.patch, HBASE-13241.patch
>
>
> We need to have tests for group-level grants for various scopes. ref:
> HBASE-13239
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
