[jira] [Commented] (HBASE-6188) Remove the concept of table owner

[Laxman (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HBASE-6188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13393391#comment-13393391
 ] 

Laxman commented on HBASE-6188:
-------------------------------

Thanks for pointing it out Andy. I couldn't notice these test failures as they 
are intermittent failures.
Even in QA bot build also passing. I will correct this.

{quote}
The new code in postCreateTable must make a special case for the ACL table. 
It's not possible to call AccessControlLists.addUserPermission before the ACL 
table is deployed, i.e. created.
{quote}

Introducing a check like below is fine?

{code}
  public void postCreateTable(ObserverContext<MasterCoprocessorEnvironment> c,
      HTableDescriptor desc, HRegionInfo[] regions) throws IOException {
    if (!AccessControlLists.isAclTable(desc)) {
      String owner = desc.getOwnerString();
      // default the table owner to current user, if not specified.
      if (owner == null) owner = getActiveUser().getShortName();
      UserPermission userperm = new UserPermission(Bytes.toBytes(owner), 
desc.getName(), null,
          Action.values());
      
AccessControlLists.addUserPermission(c.getEnvironment().getConfiguration(), 
userperm);
    }
  }
{code}

Apologies for the noise due to multiple submissions for this issue.
                
> Remove the concept of table owner
> ---------------------------------
>
>                 Key: HBASE-6188
>                 URL: https://issues.apache.org/jira/browse/HBASE-6188
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 0.94.0, 0.96.0, 0.94.1
>            Reporter: Andrew Purtell
>            Assignee: Laxman
>              Labels: security
>             Fix For: 0.96.0, 0.94.1
>
>         Attachments: HBASE-6188.1.patch, HBASE-6188.2.patch, HBASE-6188.patch
>
>
> The table owner concept was a design simplification in the initial drop.
> First, the design changes under review means only a user with GLOBAL CREATE 
> permission can create a table, which will probably be an administrator.
> Then, granting implicit permissions may lead to oversights and it adds 
> unnecessary conditionals to our code. So instead the administrator with 
> GLOBAL CREATE permission should make the appropriate grants at table create 
> time.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira