You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2012/05/08 19:49:49 UTC
[jira] [Commented] (HBASE-5947) Check for valid
user/table/family/qualifier and acl state
[ https://issues.apache.org/jira/browse/HBASE-5947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13270645#comment-13270645 ]
Andrew Purtell commented on HBASE-5947:
---------------------------------------
bq. HBase Shell grant/revoke doesn't check for valid user or table/family/qualifier so can you end up having rights for something that doesn't exists.
There is an existence check done for the table/family.
{code}
def grant(user, permissions, table_name, family=nil, qualifier=nil)
security_available?
# Table should exist
raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
htd = @admin.getTableDescriptor(table_name.to_java_bytes)
if (family != nil)
raise(ArgumentError, "Can't find a family: #{family}") unless htd.hasFamily(family.to_java_bytes)
end
{code}
Did you mean this sort of checking is not done at the (Java) API level?
How do you suggest to check for the existence of the user?
> Check for valid user/table/family/qualifier and acl state
> ---------------------------------------------------------
>
> Key: HBASE-5947
> URL: https://issues.apache.org/jira/browse/HBASE-5947
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.92.1, 0.94.0, 0.96.0
> Reporter: Matteo Bertozzi
> Assignee: Matteo Bertozzi
> Labels: acl
>
> HBase Shell grant/revoke doesn't check for valid user or table/family/qualifier so can you end up having rights for something that doesn't exists.
> We might also want to ensure, upon table/column creation, that no entries are already stored at the acl table. We might still have residual acl entries if something goes wrong, in postDeleteTable(), postDeleteColumn().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira