You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Liu Shaohui (JIRA)" <ji...@apache.org> on 2014/06/05 15:03:02 UTC

[jira] [Created] (HBASE-11300) Wrong permission check for checkAndPut in AccessController

Liu Shaohui created HBASE-11300:
-----------------------------------

             Summary: Wrong permission check for checkAndPut in AccessController
                 Key: HBASE-11300
                 URL: https://issues.apache.org/jira/browse/HBASE-11300
             Project: HBase
          Issue Type: Bug
          Components: security
    Affects Versions: 0.99.0
            Reporter: Liu Shaohui
            Assignee: Liu Shaohui
            Priority: Minor


For the checkAndPut operation, the AccessController only checks the read and write permission for the family and qualifier to check, but ignores the write permission for the family map of "put". What's more,  we don't need the write permission for the family and qualifier to check.

See the code AccessController.java #1538
{code}
    Map<byte[],? extends Collection<byte[]>> families = makeFamilyMap(family, qualifier);
    User user = getActiveUser();
    AuthResult authResult = permissionGranted(OpType.CHECK_AND_PUT, user, env, families,
      Action.READ, Action.WRITE);
{code}

Same problem for checkAndDelete operation.




--
This message was sent by Atlassian JIRA
(v6.2#6252)