Here is related code from AccessController:
{code}
public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment>
c, byte[] tableName)
...
requirePermission("disableTable", tableName, null, null, Action.ADMIN,
Action.CREATE);
{code}
requirePermission() iterates through the above permissions and would return
error for the second permission (CREATE) if validation fails.
Cheers
On Tue, Feb 25, 2014 at 12:12 PM, Alex Nastetsky <[email protected]>wrote:
> According to
>
> http://hbase.apache.org/book/hbase.accesscontrol.configuration.html#d2566e5780
> ,
> the Enable/Disable operation is controlled by the Admin permission.
> However, it seems to be controlled instead by the Create permission. Is
> this a bug or a typo in the documentation?
>
> hbase(main):002:0> disable 'foo'
>
> ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient
> permissions ([email protected], scope=foo, family=, action=CREATE)
>
> Thanks in advance,
> Alex.
>
