[ 
https://issues.apache.org/jira/browse/HBASE-5372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Laxman updated HBASE-5372:
--------------------------

    Description: drop/modify/disable/enable etc table operations should not 
check for global CREATE/ADMIN rights, but table CREATE/ADMIN rights. Since we 
check for global permissions first for table permissions, configuring table 
access using global permissions will continue to work.   (was: 
getUserPermissions(tableName)/grant/revoke and drop/modify table operations 
should not check for global CREATE/ADMIN rights, but table CREATE/ADMIN rights. 
The reasoning is that if a user is able to admin or read from a table, she 
should be able to read the table's permissions. We can choose whether we want 
only READ or ADMIN permissions for getUserPermission(). Since we check for 
global permissions first for table permissions, configuring table access using 
global permissions will continue to work. )

{quote}
getUserPermissions(tableName)/grant/revoke

The reasoning is that if a user is able to admin or read from a table, she 
should be able to read the table's permissions. We can choose whether we want 
only READ or ADMIN permissions for getUserPermission().
{quote}

ACL corrections for AccessController protocol APIs will be addressed in 
HBASE-6209.
                
> Table mutation operations should check table level rights, not global rights 
> -----------------------------------------------------------------------------
>
>                 Key: HBASE-5372
>                 URL: https://issues.apache.org/jira/browse/HBASE-5372
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 0.94.0, 0.96.0, 0.94.1
>            Reporter: Enis Soztutar
>            Assignee: Laxman
>              Labels: security
>             Fix For: 0.96.0, 0.94.1
>
>         Attachments: HBASE-5372.patch
>
>
> drop/modify/disable/enable etc table operations should not check for global 
> CREATE/ADMIN rights, but table CREATE/ADMIN rights. Since we check for global 
> permissions first for table permissions, configuring table access using 
> global permissions will continue to work. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
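
The check order described in the issue (global rights first, then rights on the specific table), modelled next to the global-only check it replaces. This is an added example, not code from HBASE-5372.patch or from HBase's AccessController; the class, method, user and table names are hypothetical and the grants are constructed sample data.

```java
import java.util.*;

// Simplified model of the check order in the issue; not HBase's AccessController.
// All class, method, user and table names here are hypothetical.
public class TableAclModel {
    enum Action { READ, WRITE, CREATE, ADMIN }

    // user -> actions granted globally
    final Map<String, Set<Action>> global = new HashMap<>();
    // table -> user -> actions granted on that table only
    final Map<String, Map<String, Set<Action>>> perTable = new HashMap<>();

    void grantGlobal(String user, Action a) {
        global.computeIfAbsent(user, k -> EnumSet.noneOf(Action.class)).add(a);
    }

    void grantTable(String table, String user, Action a) {
        perTable.computeIfAbsent(table, k -> new HashMap<>())
                .computeIfAbsent(user, k -> EnumSet.noneOf(Action.class)).add(a);
    }

    // Behaviour before the change: table operations consult global rights only.
    boolean globalOnly(String user, Action a) {
        return global.getOrDefault(user, Collections.emptySet()).contains(a);
    }

    // Behaviour the issue asks for: global rights first, then rights on this table,
    // so deployments that configured access with global grants keep working.
    boolean tableScoped(String user, String table, Action a) {
        if (globalOnly(user, a)) return true;
        return perTable.getOrDefault(table, Collections.emptyMap())
                       .getOrDefault(user, Collections.emptySet()).contains(a);
    }

    public static void main(String[] args) {
        TableAclModel acl = new TableAclModel();
        acl.grantGlobal("ops", Action.ADMIN);            // constructed: global admin
        acl.grantTable("orders", "alice", Action.ADMIN); // constructed: table admin

        // Scenario: disable/modify/drop requested by each user on each table.
        System.out.println("alice, global-only check: " + acl.globalOnly("alice", Action.ADMIN));
        System.out.println("alice on orders:  " + acl.tableScoped("alice", "orders", Action.ADMIN));
        System.out.println("alice on billing: " + acl.tableScoped("alice", "billing", Action.ADMIN));
        System.out.println("ops on billing:   " + acl.tableScoped("ops", "billing", Action.ADMIN));
    }
}
```

The two `alice` lines with a table name show the least-privilege property: a table-level grant authorizes operations on that table only, while the `ops` line shows the global grant still applying to every table.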

        
