[
https://issues.apache.org/jira/browse/HBASE-18437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ashish Singhi updated HBASE-18437:
----------------------------------
Description:
A table for which a user was granted 'RW' permission. Now when we want to
revoke its 'W' permission only, code removes the user itself from that table
permissions.
Below is the test code which reproduces the issue.
{noformat}
@Test(timeout = 180000)
public void testRevokeOnlySomePerms() throws Throwable {
TableName name = TableName.valueOf("testAgain");
HTableDescriptor htd = new HTableDescriptor(name);
HColumnDescriptor hcd = new HColumnDescriptor("cf");
htd.addFamily(hcd);
createTable(TEST_UTIL, htd);
TEST_UTIL.waitUntilAllRegionsAssigned(name);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
AccessControlClient.grant(conn, name, USER_RO.getShortName(), null, null,
Action.READ, Action.WRITE);
ListMultimap<String, TablePermission> tablePermissions =
AccessControlLists.getTablePermissions(conf, name);
// hbase user and USER_RO has permis
assertEquals(2, tablePermissions.size());
AccessControlClient.revoke(conn, name, USER_RO.getShortName(), null,
null, Action.WRITE);
tablePermissions = AccessControlLists.getTablePermissions(conf, name);
List<TablePermission> userPerm =
tablePermissions.get(USER_RO.getShortName());
assertEquals(1, userPerm.size());
} finally {
deleteTable(TEST_UTIL, name);
}
}
{noformat}
was:
A table for which a user was granted 'RW' permission. Now when we want to
revoke its 'W' permission only, code removes the user itself from that table
permissions.
Below is the test code which reproduces the issue.
{noformat}
@Test(timeout = 180000)
public void testRevokeOnlySomePerms() throws Throwable {
TableName name = TableName.valueOf("testAgain");
HTableDescriptor htd = new HTableDescriptor(name);
HColumnDescriptor hcd = new HColumnDescriptor("cf");
htd.addFamily(hcd);
createTable(TEST_UTIL, htd);
TEST_UTIL.waitUntilAllRegionsAssigned(name);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
AccessControlClient.grant(conn, name, USER_RO.getShortName(), null, null,
Action.READ, Action.WRITE);
ListMultimap<String, TablePermission> tablePermissions =
AccessControlLists.getTablePermissions(conf, name);
// hbase user and USER_RO has permis
assertEquals(2, tablePermissions.size());
AccessControlClient.revoke(conn, name, USER_RO.getShortName(), null,
null, Action.READ, Action.WRITE);
tablePermissions = AccessControlLists.getTablePermissions(conf, name);
List<TablePermission> userPerm =
tablePermissions.get(USER_RO.getShortName());
assertEquals(1, userPerm.size());
} finally {
deleteTable(TEST_UTIL, name);
}
}
{noformat}
> Revoke access permissions of a user from a table does not work as expected
> --------------------------------------------------------------------------
>
> Key: HBASE-18437
> URL: https://issues.apache.org/jira/browse/HBASE-18437
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 1.1.12
> Reporter: Ashish Singhi
> Assignee: Ashish Singhi
>
> A table for which a user was granted 'RW' permission. Now when we want to
> revoke its 'W' permission only, code removes the user itself from that table
> permissions.
> Below is the test code which reproduces the issue.
> {noformat}
> @Test(timeout = 180000)
> public void testRevokeOnlySomePerms() throws Throwable {
> TableName name = TableName.valueOf("testAgain");
> HTableDescriptor htd = new HTableDescriptor(name);
> HColumnDescriptor hcd = new HColumnDescriptor("cf");
> htd.addFamily(hcd);
> createTable(TEST_UTIL, htd);
> TEST_UTIL.waitUntilAllRegionsAssigned(name);
> try (Connection conn = ConnectionFactory.createConnection(conf)) {
> AccessControlClient.grant(conn, name, USER_RO.getShortName(), null,
> null, Action.READ, Action.WRITE);
> ListMultimap<String, TablePermission> tablePermissions =
> AccessControlLists.getTablePermissions(conf, name);
> // hbase user and USER_RO has permis
> assertEquals(2, tablePermissions.size());
> AccessControlClient.revoke(conn, name, USER_RO.getShortName(), null,
> null, Action.WRITE);
> tablePermissions = AccessControlLists.getTablePermissions(conf, name);
> List<TablePermission> userPerm =
> tablePermissions.get(USER_RO.getShortName());
> assertEquals(1, userPerm.size());
> } finally {
> deleteTable(TEST_UTIL, name);
> }
> }
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
