Posted to issues@hbase.apache.org by "Guanghao Zhang (JIRA)" <ji...@apache.org> on 2019/06/17 06:38:01 UTC

[jira] [Comment Edited] (HBASE-22581) user with "CREATE" permission can grant, but not revoke permissions on created table

    [ https://issues.apache.org/jira/browse/HBASE-22581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16865366#comment-16865366 ] 

Guanghao Zhang edited comment on HBASE-22581 at 6/17/19 6:37 AM:
-----------------------------------------------------------------

+1. This is a problem only for 2.0 and 2.1 now.

For 2.2+, it was fixed in HBASE-21814.


was (Author: zghaobac):
+1. This should only be a problem for 2.1 and 2.0. For 2.2++, it is fixed in HBASE-21814.

> user with "CREATE" permission can grant, but not revoke permissions on created table
> ------------------------------------------------------------------------------------
>
>                 Key: HBASE-22581
>                 URL: https://issues.apache.org/jira/browse/HBASE-22581
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.1.1, 2.1.5, 2.1.6
>            Reporter: István Tóth
>            Assignee: István Tóth
>            Priority: Major
>         Attachments: HBASE-22581.branch-2.1.001.patch, HBASE-22581.branch-2.1.002.patch, HBASE-22581.branch-2.1.003.patch, HBASE-22581.branch-2.1.004.patch, HBASE-22581.master.001.patch
>
>
> A user that only has global or namespace "CREATE" permission can grant permissions to another user on its created table, but cannot revoke them.
> This bug exists on branch-2.1, from 2.1.1.
> 2.0, 2.1.0, master, and branch-2.2 are not affected.
> The bug can be triggered via hbase shell:
> {code:java}
> #Start hbase shell as superuser
> #export HADOOP_USER_NAME=hbase
> hbase shell
> grant 'regularUser1', 'C'
> exit
> #Run hbase shell as regularUser1
> #grant, then revoke 'RX' permission to regularUser2
> #export HADOOP_USER_NAME=regularUser1
> hbase shell
> create 'nunuke','nunuke'
> grant 'regularUser2', 'RX', 'nunuke'
> #This will fail on 2.1.1+
> revoke 'regularUser2', 'nunuke'
> {code}


