You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "ramkrishna.s.vasudevan (JIRA)" <ji...@apache.org> on 2014/06/06 06:49:02 UTC
[jira] [Commented] (HBASE-11300) Wrong permission check for
checkAndPut in AccessController
[ https://issues.apache.org/jira/browse/HBASE-11300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14019573#comment-14019573 ]
ramkrishna.s.vasudevan commented on HBASE-11300:
------------------------------------------------
I think it makes sense to see if the family map on 'put' has write permission.
> Wrong permission check for checkAndPut in AccessController
> ----------------------------------------------------------
>
> Key: HBASE-11300
> URL: https://issues.apache.org/jira/browse/HBASE-11300
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 0.99.0
> Reporter: Liu Shaohui
> Assignee: Liu Shaohui
> Priority: Minor
>
> For the checkAndPut operation, the AccessController only checks the read and write permission for the family and qualifier to check, but ignores the write permission for the family map of "put". What's more, we don't need the write permission for the family and qualifier to check.
> See the code AccessController.java #1538
> {code}
> Map<byte[],? extends Collection<byte[]>> families = makeFamilyMap(family, qualifier);
> User user = getActiveUser();
> AuthResult authResult = permissionGranted(OpType.CHECK_AND_PUT, user, env, families,
> Action.READ, Action.WRITE);
> {code}
> Same problem for checkAndDelete operation.
--
This message was sent by Atlassian JIRA
(v6.2#6252)