You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Ted Yu (JIRA)" <ji...@apache.org> on 2014/06/10 16:38:02 UTC

[jira] [Resolved] (HBASE-11300) Wrong permission check for checkAndPut in AccessController

     [ https://issues.apache.org/jira/browse/HBASE-11300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ted Yu resolved HBASE-11300.
----------------------------

    Resolution: Invalid

> Wrong permission check for checkAndPut in AccessController
> ----------------------------------------------------------
>
>                 Key: HBASE-11300
>                 URL: https://issues.apache.org/jira/browse/HBASE-11300
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.99.0
>            Reporter: Liu Shaohui
>            Assignee: Liu Shaohui
>            Priority: Minor
>
> For the checkAndPut operation, the AccessController only checks the read and write permission for the family and qualifier to check, but ignores the write permission for the family map of "put". What's more,  we don't need the write permission for the family and qualifier to check.
> See the code AccessController.java #1538
> {code}
>     Map<byte[],? extends Collection<byte[]>> families = makeFamilyMap(family, qualifier);
>     User user = getActiveUser();
>     AuthResult authResult = permissionGranted(OpType.CHECK_AND_PUT, user, env, families,
>       Action.READ, Action.WRITE);
> {code}
> Same problem for checkAndDelete operation.



--
This message was sent by Atlassian JIRA
(v6.2#6252)