wangyongqiang created HBASE-16203:
-------------------------------------
Summary: may be a bug on hbase authorization
Key: HBASE-16203
URL: https://issues.apache.org/jira/browse/HBASE-16203
Project: HBase
Issue Type: Bug
Affects Versions: 0.98.10
Reporter: wangyongqiang
in hbase with kerbose and authorization on, I enter hbase shell with a hbase
super user, and do the following steps:
{quote}
1. grant "newUser/[email protected]"
"newUser/[email protected]" is one of the kerbose principles
2. exit hbase shell
3. enter hbase shell again with principle "newUser/[email protected]"
4. scan 't1'
t1 is one of the table in hbase
{quote}
the result is: AccessDeniedException
after debug regionServer code, I find the problem is:
{quote}
1. when we grant the global admin to "newUser/[email protected]",
TableAuthManager store this info with the whole name, newUser/[email protected]
2. when we enter hbase shell with principle "newUser/[email protected]" and
scan table, regionServer will do do authorization check, such as check if the
user is superUser
when do this check, use the short name(newUser), not the whole
name(newUser/[email protected])
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
