[ https://issues.apache.org/jira/browse/HBASE-5372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laxman updated HBASE-5372: -------------------------- Tags: Huawei Fix Version/s: 0.94.1 0.96.0 Labels: security (was: ) Affects Version/s: 0.94.1 0.96.0 0.94.0 Status: Patch Available (was: Open) Corrected ACL as per the matrix. https://issues.apache.org/jira/secure/attachment/12531252/Security-ACL%20Matrix.pdf Please review the patch. > Table mutation operations should check table level rights, not global rights > ----------------------------------------------------------------------------- > > Key: HBASE-5372 > URL: https://issues.apache.org/jira/browse/HBASE-5372 > Project: HBase > Issue Type: Sub-task > Components: security > Affects Versions: 0.94.0, 0.96.0, 0.94.1 > Reporter: Enis Soztutar > Assignee: Laxman > Labels: security > Fix For: 0.96.0, 0.94.1 > > > getUserPermissions(tableName)/grant/revoke and drop/modify table operations > should not check for global CREATE/ADMIN rights, but table CREATE/ADMIN > rights. The reasoning is that if a user is able to admin or read from a > table, she should be able to read the table's permissions. We can choose > whether we want only READ or ADMIN permissions for getUserPermission(). Since > we check for global permissions first for table permissions, configuring > table access using global permissions will continue to work. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira