[
https://issues.apache.org/jira/browse/HBASE-16724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15529879#comment-15529879
]
Matteo Bertozzi commented on HBASE-16724:
-----------------------------------------
right, missed that part where we drop the acl for the table.
in theory the requirePermission for the table will check table -> NS -> global.
which may be better, but still not the behavior you want probably.
maybe we can just do like delete snapshot and bypass the check if owner &&
tableName matches
{code}
if (SnapshotDescriptionUtils.isSnapshotOwner(snapshot, user) &&
htd.getTableName().equals(snapshot.getTable())) {
// Snapshot owner is allowed to create a table with the same name as the
snapshot he took
AuthResult result = AuthResult.allow("cloneSnapshot " +
snapshot.getName(),
"Snapshot owner check allowed", user, null, null, null); // TODO add
htd/table name...
logResult(result);
} else {
requirePermission(user, "cloneSnapshot " + snapshot.getName(),
Action.ADMIN);
}
{code}
> Snapshot owner can't clone
> --------------------------
>
> Key: HBASE-16724
> URL: https://issues.apache.org/jira/browse/HBASE-16724
> Project: HBase
> Issue Type: Bug
> Components: snapshots
> Affects Versions: 2.0.0
> Reporter: Pankaj Kumar
> Assignee: Pankaj Kumar
>
> Currently only Global admin has the access of cloning a snapshot.
> In AccessController,
> {code}
> @Override
> public void preCloneSnapshot(final
> ObserverContext<MasterCoprocessorEnvironment> ctx,
> final SnapshotDescription snapshot, final HTableDescriptor
> hTableDescriptor)
> throws IOException {
> requirePermission(getActiveUser(ctx), "cloneSnapshot " +
> snapshot.getName(), Action.ADMIN);
> }
> {code}
> Snapshot owner should be able to clone it, need to add a check like,
> {code}
> SnapshotDescriptionUtils.isSnapshotOwner(snapshot, user)
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
