[ https://issues.apache.org/jira/browse/HBASE-21814?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Guanghao Zhang updated HBASE-21814: ----------------------------------- Description: The TODO was added by me. Because this method happens within the RS. The old impl use a login user(User.runAsLoginUser where the login user is the user who started RS process) to call Table.put(). And it will check the permission when put record to ACL table. {code:java} User.runAsLoginUser(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { AccessControlLists.addUserPermission(regionEnv.getConfiguration(), perm, regionEnv.getTable(AccessControlLists.ACL_TABLE_NAME), request.getMergeExistingPermissions()); return null; } }); {code} But after HBASE-21739, no need to User.runAsLoginUser. Because we will call Admin method to grant/revoke. And this will be execute in master and use the master user(the user who started master process) to call Table.put. So this is not a problem now. was:The TODO was added by me. Because this method happens within the RS. But after HBASE-21739, grant/revoke will execute by master. So this is not a problem now. > Remove the TODO in AccessControlLists#addUserPermission > ------------------------------------------------------- > > Key: HBASE-21814 > URL: https://issues.apache.org/jira/browse/HBASE-21814 > Project: HBase > Issue Type: Bug > Reporter: Guanghao Zhang > Assignee: Guanghao Zhang > Priority: Major > Fix For: 3.0.0, 2.2.0, 2.3.0 > > Attachments: HBASE-21814.master.001.patch > > > The TODO was added by me. Because this method happens within the RS. The old > impl use a login user(User.runAsLoginUser where the login user is the user > who started RS process) to call Table.put(). And it will check the permission > when put record to ACL table. > > {code:java} > User.runAsLoginUser(new PrivilegedExceptionAction<Void>() { > @Override > public Void run() throws Exception { > > AccessControlLists.addUserPermission(regionEnv.getConfiguration(), perm, > regionEnv.getTable(AccessControlLists.ACL_TABLE_NAME), > request.getMergeExistingPermissions()); > return null; > } > }); > {code} > > But after HBASE-21739, no need to User.runAsLoginUser. Because we will call > Admin method to grant/revoke. And this will be execute in master and use the > master user(the user who started master process) to call Table.put. So this > is not a problem now. -- This message was sent by Atlassian JIRA (v7.6.3#76005)