Sounds like either permission is sufficient. Either way, the documentation could be improved.
Thanks. On Tue, Feb 25, 2014 at 3:22 PM, Ted Yu <[email protected]> wrote: > Here is related code from AccessController: > {code} > public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> > c, byte[] tableName) > ... > requirePermission("disableTable", tableName, null, null, Action.ADMIN, > Action.CREATE); > {code} > requirePermission() iterates through the above permissions and would return > error for the second permission (CREATE) if validation fails. > > Cheers > > > On Tue, Feb 25, 2014 at 12:12 PM, Alex Nastetsky <[email protected] > >wrote: > > > According to > > > > > http://hbase.apache.org/book/hbase.accesscontrol.configuration.html#d2566e5780 > > , > > the Enable/Disable operation is controlled by the Admin permission. > > However, it seems to be controlled instead by the Create permission. Is > > this a bug or a typo in the documentation? > > > > hbase(main):002:0> disable 'foo' > > > > ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: > Insufficient > > permissions ([email protected], scope=foo, family=, > action=CREATE) > > > > Thanks in advance, > > Alex. > > >
