[ https://issues.apache.org/jira/browse/HBASE-13241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14366897#comment-14366897 ]
Matteo Bertozzi commented on HBASE-13241: ----------------------------------------- I see only in one place the assert on the scan result {code} + Scan s1 = new Scan(); + try (ResultScanner scanner1 = table.getScanner(s1);) { + Result[] next1 = scanner1.next(5); + assertTrue(next1.length == 3); + } {code} all the other checks seem to just verify if the AccessDeniedException was received or not, so verifyAllowed()/verifyDenied() should be enough. if not why? what is the difference with the other scanAction we have already? {code} + try (ResultScanner scanner1 = table.getScanner(s1);) { + fail("Access should be denied as the user " + USER1_TESTGROUP_QUALIFIER + + " read privilege has been revoked on column family qualifier " + + Bytes.toString(TEST_FAMILY) + ':' + Bytes.toString(Q1)); + } catch (AccessDeniedException ignore) { + } {code} > Add tests for group level grants > -------------------------------- > > Key: HBASE-13241 > URL: https://issues.apache.org/jira/browse/HBASE-13241 > Project: HBase > Issue Type: Improvement > Components: security, test > Reporter: Sean Busbey > Assignee: Ashish Singhi > Priority: Critical > Attachments: HBASE-13241-v1.patch, HBASE-13241-v2.patch, > HBASE-13241-v3.patch, HBASE-13241-v4.patch, HBASE-13241-v5.patch, > HBASE-13241.patch > > > We need to have tests for group-level grants for various scopes. ref: > HBASE-13239 -- This message was sent by Atlassian JIRA (v6.3.4#6332)