[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13259506#comment-13259506
]
Hudson commented on HBASE-5787:
---
Integrated in HBase-0.92-security #105 (See
[https://builds.apache.org/job/HBase-0.92-security/105/])
HBASE-5787 Table owner can't disable/delete its own table (Matteo)
(Revision 1327758)
Result = FAILURE
tedyu :
Files :
* /hbase/branches/0.92/CHANGES.txt
*
/hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
*
/hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch,
> HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257712#comment-13257712
]
Hudson commented on HBASE-5787:
---
Integrated in HBase-0.94-security #17 (See
[https://builds.apache.org/job/HBase-0.94-security/17/])
HBASE-5787 Table owner can't disable/delete its own table (Matteo)
(Revision 1327757)
Result = FAILURE
tedyu :
Files :
*
/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
*
/hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch,
> HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257265#comment-13257265
]
Hudson commented on HBASE-5787:
---
Integrated in HBase-TRUNK-security #175 (See
[https://builds.apache.org/job/HBase-TRUNK-security/175/])
HBASE-5787 Table owner can't disable/delete its own table (Matteo)
(Revision 1327605)
Result = FAILURE
tedyu :
Files :
*
/hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
*
/hbase/trunk/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch,
> HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257151#comment-13257151
]
Hudson commented on HBASE-5787:
---
Integrated in HBase-0.94 #131 (See
[https://builds.apache.org/job/HBase-0.94/131/])
HBASE-5787 Table owner can't disable/delete its own table (Matteo)
(Revision 1327757)
Result = FAILURE
tedyu :
Files :
*
/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
*
/hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch,
> HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257119#comment-13257119
]
Zhihong Yu commented on HBASE-5787:
---
Thanks for the information, Andy.
Integrated to 0.92 and 0.94 as well.
Thanks for the patch, Matteo.
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch,
> HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257104#comment-13257104
]
Andrew Purtell commented on HBASE-5787:
---
This seems fine. The initial implementation had the notion of requiring ADMIN
for any table op that has global cluster implications, but then went back and
changed that to allow at least users to create tables if they had CREATE
permission. The delete case seems a bug. All around an area that required
improvement.
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch,
> HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13256898#comment-13256898
]
Hudson commented on HBASE-5787:
---
Integrated in HBase-TRUNK #2781 (See
[https://builds.apache.org/job/HBase-TRUNK/2781/])
HBASE-5787 Table owner can't disable/delete its own table (Matteo)
(Revision 1327605)
Result = FAILURE
tedyu :
Files :
*
/hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
*
/hbase/trunk/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Fix For: 0.92.2, 0.94.0, 0.96.0
>
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch,
> HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13256862#comment-13256862
]
Zhihong Yu commented on HBASE-5787:
---
I applied latest patch to 0.92 and was able to run the test:
{code}
Running org.apache.hadoop.hbase.security.access.TestAccessController
Tests run: 21, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 45.115 sec
Results :
Tests run: 21, Failures: 0, Errors: 0, Skipped: 0
{code}
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Fix For: 0.92.2, 0.94.0, 0.96.0
>
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch,
> HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13256785#comment-13256785
]
Matteo Bertozzi commented on HBASE-5787:
except for a getConf() -> getConfiguration() change nothing is changed in
AccessController between 0.92 and trunk
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Fix For: 0.92.2, 0.94.0, 0.96.0
>
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch,
> HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13256777#comment-13256777
]
Zhihong Yu commented on HBASE-5787:
---
Inetgrated to trunk.
I think this should go to 0.94.0 as well.
What do you think, Lars ?
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch,
> HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13256747#comment-13256747
]
Matteo Bertozzi commented on HBASE-5787:
any additional thoughts or comments on the patch?
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch,
> HBASE-5787-v1.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13254336#comment-13254336
]
Zhihong Yu commented on HBASE-5787:
---
Thanks for the update.
Can you combine the two patches and run through tests again, including the
following two ?
{code}
security/src/test//java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java
security/src/test//java/org/apache/hadoop/hbase/security/token/TestZKSecretWatcher.java
{code}
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5787) Table owner can't disable/delete its own table
[
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13253855#comment-13253855
]
Zhihong Yu commented on HBASE-5787:
---
Patch makes sense.
Please run through security test suite and let us know the result.
> Table owner can't disable/delete its own table
> --
>
> Key: HBASE-5787
> URL: https://issues.apache.org/jira/browse/HBASE-5787
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.92.1, 0.94.0, 0.96.0
>Reporter: Matteo Bertozzi
>Assignee: Matteo Bertozzi
>Priority: Minor
> Labels: acl, security
> Attachments: HBASE-5787-v0.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it,
> because disable operation require ADMIN privileges. Also if a table is
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext c,
> byte[] tableName) throws IOException {
> requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext c,
> byte[] tableName) throws IOException {
> /* TODO: Allow for users with global CREATE permission and the table owner
> */
> requirePermission(Permission.Action.ADMIN);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
