You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Liu Shaohui (JIRA)" <ji...@apache.org> on 2014/06/05 15:03:02 UTC
[jira] [Created] (HBASE-11300) Wrong permission check for
checkAndPut in AccessController
Liu Shaohui created HBASE-11300:
-----------------------------------
Summary: Wrong permission check for checkAndPut in AccessController
Key: HBASE-11300
URL: https://issues.apache.org/jira/browse/HBASE-11300
Project: HBase
Issue Type: Bug
Components: security
Affects Versions: 0.99.0
Reporter: Liu Shaohui
Assignee: Liu Shaohui
Priority: Minor
For the checkAndPut operation, the AccessController only checks the read and write permission for the family and qualifier to check, but ignores the write permission for the family map of "put". What's more, we don't need the write permission for the family and qualifier to check.
See the code AccessController.java #1538
{code}
Map<byte[],? extends Collection<byte[]>> families = makeFamilyMap(family, qualifier);
User user = getActiveUser();
AuthResult authResult = permissionGranted(OpType.CHECK_AND_PUT, user, env, families,
Action.READ, Action.WRITE);
{code}
Same problem for checkAndDelete operation.
--
This message was sent by Atlassian JIRA
(v6.2#6252)