[jira] [Updated] (HBASE-5787) Table owner can't disable/delete his/her own table
[ https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhihong Yu updated HBASE-5787: -- Summary: Table owner can't disable/delete his/her own table (was: Table owner can't disable/delete its own table) Table owner can't disable/delete his/her own table -- Key: HBASE-5787 URL: https://issues.apache.org/jira/browse/HBASE-5787 Project: HBase Issue Type: Bug Components: security Affects Versions: 0.92.1, 0.94.0, 0.96.0 Reporter: Matteo Bertozzi Assignee: Matteo Bertozzi Priority: Minor Labels: acl, security Fix For: 0.92.2, 0.96.0, 0.94.1 Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch, HBASE-5787-v1.patch An user with CREATE privileges can create a table, but can not disable it, because disable operation require ADMIN privileges. Also if a table is already disabled, anyone can remove it. {code} public void preDeleteTable(ObserverContextMasterCoprocessorEnvironment c, byte[] tableName) throws IOException { requirePermission(Permission.Action.CREATE); } public void preDisableTable(ObserverContextMasterCoprocessorEnvironment c, byte[] tableName) throws IOException { /* TODO: Allow for users with global CREATE permission and the table owner */ requirePermission(Permission.Action.ADMIN); } {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-5787) Table owner can't disable/delete his/her own table
[ https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lars Hofhansl updated HBASE-5787: - Fix Version/s: (was: 0.94.1) 0.94.0 Table owner can't disable/delete his/her own table -- Key: HBASE-5787 URL: https://issues.apache.org/jira/browse/HBASE-5787 Project: HBase Issue Type: Bug Components: security Affects Versions: 0.92.1, 0.94.0, 0.96.0 Reporter: Matteo Bertozzi Assignee: Matteo Bertozzi Priority: Minor Labels: acl, security Fix For: 0.92.2, 0.94.0, 0.96.0 Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch, HBASE-5787-v1.patch An user with CREATE privileges can create a table, but can not disable it, because disable operation require ADMIN privileges. Also if a table is already disabled, anyone can remove it. {code} public void preDeleteTable(ObserverContextMasterCoprocessorEnvironment c, byte[] tableName) throws IOException { requirePermission(Permission.Action.CREATE); } public void preDisableTable(ObserverContextMasterCoprocessorEnvironment c, byte[] tableName) throws IOException { /* TODO: Allow for users with global CREATE permission and the table owner */ requirePermission(Permission.Action.ADMIN); } {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira