[ https://issues.apache.org/jira/browse/HBASE-13826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14570297#comment-14570297 ]

Srikanth Srungarapu commented on HBASE-13826:
---------------------------------------------

The other 4 public {{authorize}} calls verify the user's group privileges 
either directly or indirectly, with the one exception of the {{authorize}} below, 
which is used for cell tag checks; this is expected.

{code}
  /**
   * Authorize a user for a given KV. This is called from AccessControlFilter.
   */
  public boolean authorize(User user, TableName table, Cell cell, Permission.Action action) {
    try {
      List<Permission> perms = AccessControlLists.getCellPermissionsForUser(user, cell);
      if (LOG.isTraceEnabled()) {
        LOG.trace("Perms for user " + user.getShortName() + " in cell " + cell + ": " +
          (perms != null ? perms : ""));
      }
      }
      if (perms != null) {
        for (Permission p: perms) {
          if (p.implies(action)) {
            return true;
          }
        }
      }
    } catch (IOException e) {
      // We failed to parse the KV tag
      LOG.error("Failed parse of ACL tag in cell " + cell);
      // Fall through to check with the table and CF perms we were able
      // to collect regardless
    }
    return false;
  }
{code}

> Unable to create table when group acls are appropriately set.
> -------------------------------------------------------------
>
>                 Key: HBASE-13826
>                 URL: https://issues.apache.org/jira/browse/HBASE-13826
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0, 1.0.2, 1.2.0, 1.1.1
>            Reporter: Srikanth Srungarapu
>            Assignee: Srikanth Srungarapu
>             Fix For: 2.0.0, 0.98.14, 1.0.2, 1.2.0, 1.1.1
>
>         Attachments: HBASE-13826.patch
>
>
> Steps for reproducing the issue.
> - Create user 'test' and group 'hbase-admin'.
> - Grant global create permissions to 'hbase-admin'.
> - Add user 'test' to 'hbase-admin' group.
> - Create table operation for 'test' user will throw ADE.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
