[ 
https://issues.apache.org/jira/browse/PIG-987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12763346#action_12763346
 ] 

Raghu Angadi commented on PIG-987:
----------------------------------

I finally got some time look into this. Yes. I think the it should be fixed in 
the tests. TestColumnGroup.java says :  
{noformat}
    ColumnGroup.Writer writer = new ColumnGroup.Writer(path, strSchema, sorted,
        "pig", "gz", "gauravj", "users", (short) Short.parseShort("755", 8), 
false, conf);
{noformat}

using local FS. How can we expect users to have a user name "gauravj" on their 
machines and run as superusers :)? just can not be done.

If the test wants to run with these permissions we should do :
 a) use HDFS (MiniDFSCluster) rather than local filesystem. The tester has all 
the permissions on a MiniDFS.
 b) minor : use a generic name than gauravj.


> [zebra] Zebra Column Group Access Control
> -----------------------------------------
>
>                 Key: PIG-987
>                 URL: https://issues.apache.org/jira/browse/PIG-987
>             Project: Pig
>          Issue Type: New Feature
>    Affects Versions: 0.6.0
>            Reporter: Yan Zhou
>            Assignee: Yan Zhou
>         Attachments: ColumnGroupSecurity.patch, ColumnGroupSecurity.patch, 
> TEST-org.apache.hadoop.zebra.io.TestCheckin.txt, 
> TEST-org.apache.hadoop.zebra.mapred.TestCheckin.txt, tmp-987-plus-991.patch
>
>
> Access Control: when processes try to read from the column groups, Zebra 
> should be able to handle allowed vs. disallowed user/application accesses.  
> The security is eventuallt granted by corresponding  HDFS security of the 
> data stored.
> Expected behavior when column group permissions are set:
>     When user selects only columns that they do not have permissions to 
> access, Zebra should return error with message "Error #: Permission denied 
> for accessing column <column name or names> 
> Access control applies to an entire column group, so all columns in a column 
> group have same permissions. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to