You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Laxman (JIRA)" <ji...@apache.org> on 2012/05/24 06:55:41 UTC

[jira] [Created] (HBASE-6086) Admin operations on a table should be authorized against table permissions instead of global permissions.

Laxman created HBASE-6086:
-----------------------------

             Summary: Admin operations on a table should be authorized against table permissions instead of global permissions.
                 Key: HBASE-6086
                 URL: https://issues.apache.org/jira/browse/HBASE-6086
             Project: HBase
          Issue Type: Sub-task
          Components: security
    Affects Versions: 0.94.0
            Reporter: Laxman
            Assignee: Laxman


Still some inconsistency exists after HBASE-6061. We actually need to authorize against table permissions instead of global permissions here.

{code}
+  private void requireTableAdminPermission(MasterCoprocessorEnvironment e,
+      byte[] tableName) throws IOException {
+    if (isActiveUserTableOwner(e, tableName)) {
+      requirePermission(Permission.Action.CREATE);
+    } else {
+      requirePermission(Permission.Action.ADMIN);
+    }
+  }
{code}


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (HBASE-6086) Admin operations on a table should be authorized against table permissions instead of global permissions.

Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/HBASE-6086?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Purtell resolved HBASE-6086.
-----------------------------------

    Resolution: Duplicate
    
> Admin operations on a table should be authorized against table permissions instead of global permissions.
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-6086
>                 URL: https://issues.apache.org/jira/browse/HBASE-6086
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 0.94.0
>            Reporter: Laxman
>            Assignee: Laxman
>              Labels: acl, security
>
> Still some inconsistency exists after HBASE-6061. We actually need to authorize against table permissions instead of global permissions here.
> {code}
> +  private void requireTableAdminPermission(MasterCoprocessorEnvironment e,
> +      byte[] tableName) throws IOException {
> +    if (isActiveUserTableOwner(e, tableName)) {
> +      requirePermission(Permission.Action.CREATE);
> +    } else {
> +      requirePermission(Permission.Action.ADMIN);
> +    }
> +  }
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HBASE-6086) Admin operations on a table should be authorized against table permissions instead of global permissions.

Posted by "Matteo Bertozzi (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/HBASE-6086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13282196#comment-13282196 ] 

Matteo Bertozzi commented on HBASE-6086:
----------------------------------------

This is the same as HBASE-5372
                
> Admin operations on a table should be authorized against table permissions instead of global permissions.
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-6086
>                 URL: https://issues.apache.org/jira/browse/HBASE-6086
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 0.94.0
>            Reporter: Laxman
>            Assignee: Laxman
>              Labels: acl, security
>
> Still some inconsistency exists after HBASE-6061. We actually need to authorize against table permissions instead of global permissions here.
> {code}
> +  private void requireTableAdminPermission(MasterCoprocessorEnvironment e,
> +      byte[] tableName) throws IOException {
> +    if (isActiveUserTableOwner(e, tableName)) {
> +      requirePermission(Permission.Action.CREATE);
> +    } else {
> +      requirePermission(Permission.Action.ADMIN);
> +    }
> +  }
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HBASE-6086) Admin operations on a table should be authorized against table permissions instead of global permissions.

Posted by "Laxman (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/HBASE-6086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13282197#comment-13282197 ] 

Laxman commented on HBASE-6086:
-------------------------------

Thanks Mat. I will discuss in HBASE-5372.
                
> Admin operations on a table should be authorized against table permissions instead of global permissions.
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-6086
>                 URL: https://issues.apache.org/jira/browse/HBASE-6086
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 0.94.0
>            Reporter: Laxman
>            Assignee: Laxman
>              Labels: acl, security
>
> Still some inconsistency exists after HBASE-6061. We actually need to authorize against table permissions instead of global permissions here.
> {code}
> +  private void requireTableAdminPermission(MasterCoprocessorEnvironment e,
> +      byte[] tableName) throws IOException {
> +    if (isActiveUserTableOwner(e, tableName)) {
> +      requirePermission(Permission.Action.CREATE);
> +    } else {
> +      requirePermission(Permission.Action.ADMIN);
> +    }
> +  }
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira