[
https://issues.apache.org/jira/browse/HBASE-5947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13270645#comment-13270645
]
Andrew Purtell commented on HBASE-5947:
---------------------------------------
bq. HBase Shell grant/revoke doesn't check for valid user or
table/family/qualifier so can you end up having rights for something that
doesn't exists.
There is an existence check done for the table/family.
{code}
def grant(user, permissions, table_name, family=nil, qualifier=nil)
security_available?
# Table should exist
raise(ArgumentError, "Can't find a table: #{table_name}") unless
exists?(table_name)
htd = @admin.getTableDescriptor(table_name.to_java_bytes)
if (family != nil)
raise(ArgumentError, "Can't find a family: #{family}") unless
htd.hasFamily(family.to_java_bytes)
end
{code}
Did you mean this sort of checking is not done at the (Java) API level?
How do you suggest to check for the existence of the user?
> Check for valid user/table/family/qualifier and acl state
> ---------------------------------------------------------
>
> Key: HBASE-5947
> URL: https://issues.apache.org/jira/browse/HBASE-5947
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.92.1, 0.94.0, 0.96.0
> Reporter: Matteo Bertozzi
> Assignee: Matteo Bertozzi
> Labels: acl
>
> HBase Shell grant/revoke doesn't check for valid user or
> table/family/qualifier so can you end up having rights for something that
> doesn't exists.
> We might also want to ensure, upon table/column creation, that no entries are
> already stored at the acl table. We might still have residual acl entries if
> something goes wrong, in postDeleteTable(), postDeleteColumn().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
