[
https://issues.apache.org/jira/browse/HBASE-16724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15529851#comment-15529851
]
Ashish Singhi commented on HBASE-16724:
---------------------------------------
bq. what if we change cloneSnapshot to check for table admin?
But like I mentioned in my previous comment the table for which snapshot was
taken is deleted in step 2 hence there will be no entry for this table in acl
table and it will not be able to get any permission for this table, so we
cannot check for that.
I think namespace admin is required. Am I correct ?
{quote}
{code}
requirePermission(getActiveUser(ctx), "cloneSnapshot " + snapshot.getName(),
hTableDescriptor.getTableName(), null, null,
Permission.Action.ADMIN);
{code}
{quote}
This change will still work as it internally also checks whether the user has
namespace admin permission.
> Snapshot owner can't clone
> --------------------------
>
> Key: HBASE-16724
> URL: https://issues.apache.org/jira/browse/HBASE-16724
> Project: HBase
> Issue Type: Bug
> Components: snapshots
> Affects Versions: 2.0.0
> Reporter: Pankaj Kumar
> Assignee: Pankaj Kumar
>
> Currently only Global admin has the access of cloning a snapshot.
> In AccessController,
> {code}
> @Override
> public void preCloneSnapshot(final
> ObserverContext<MasterCoprocessorEnvironment> ctx,
> final SnapshotDescription snapshot, final HTableDescriptor
> hTableDescriptor)
> throws IOException {
> requirePermission(getActiveUser(ctx), "cloneSnapshot " +
> snapshot.getName(), Action.ADMIN);
> }
> {code}
> Snapshot owner should be able to clone it, need to add a check like,
> {code}
> SnapshotDescriptionUtils.isSnapshotOwner(snapshot, user)
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
