You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2012/05/08 19:49:49 UTC

[jira] [Commented] (HBASE-5947) Check for valid user/table/family/qualifier and acl state

    [ https://issues.apache.org/jira/browse/HBASE-5947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13270645#comment-13270645 ] 

Andrew Purtell commented on HBASE-5947:
---------------------------------------

bq. HBase Shell grant/revoke doesn't check for valid user or table/family/qualifier so can you end up having rights for something that doesn't exists.

There is an existence check done for the table/family. 

{code}
    def grant(user, permissions, table_name, family=nil, qualifier=nil)
      security_available?

      # Table should exist
      raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)

      htd = @admin.getTableDescriptor(table_name.to_java_bytes)

      if (family != nil)
        raise(ArgumentError, "Can't find a family: #{family}") unless htd.hasFamily(family.to_java_bytes)
      end
{code}

Did you mean this sort of checking is not done at the (Java) API level?

How do you suggest to check for the existence of the user? 

                
> Check for valid user/table/family/qualifier and acl state
> ---------------------------------------------------------
>
>                 Key: HBASE-5947
>                 URL: https://issues.apache.org/jira/browse/HBASE-5947
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 0.92.1, 0.94.0, 0.96.0
>            Reporter: Matteo Bertozzi
>            Assignee: Matteo Bertozzi
>              Labels: acl
>
> HBase Shell grant/revoke doesn't check for valid user or table/family/qualifier so can you end up having rights for something that doesn't exists.
> We might also want to ensure, upon table/column creation, that no entries are already stored at the acl table. We might still have residual acl entries if something goes wrong, in postDeleteTable(), postDeleteColumn().

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira