[
https://issues.apache.org/jira/browse/HBASE-5385?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13265451#comment-13265451
]
Matteo Bertozzi commented on HBASE-5385:
----------------------------------------
{quote}
On preCreateTable and preAddColumn, ensure that the acl table is empty for the
table / column. We might still have residual acl entries if smt goes wrong. If
so, we should refuse creating a table by throwing a kind of access control
exception.
{quote}
Currently there's no check on grant to see if the table/family/qualifier exist.
Maybe we can open another jira for this, to implement the exists check on grant
and verify in all pre* if there's nothing left.
> Delete table/column should delete stored permissions on -acl- table
> ---------------------------------------------------------------------
>
> Key: HBASE-5385
> URL: https://issues.apache.org/jira/browse/HBASE-5385
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0
> Reporter: Enis Soztutar
> Assignee: Matteo Bertozzi
> Attachments: HBASE-5385-v0.patch, HBASE-5385-v1.patch
>
>
> Deleting the table or a column does not cascade to the stored permissions at
> the -acl- table. We should also remove those permissions, otherwise, it can
> be a security leak, where freshly created tables contain permissions from
> previous same-named tables. We might also want to ensure, upon table
> creation, that no entries are already stored at the -acl- table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
