You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by gi...@apache.org on 2018/05/29 14:48:08 UTC
[02/28] hbase-site git commit: Published site at
42be553433775c5985f6c68f8178e51afb0a402e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/b1ff7c99/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.html
----------------------------------------------------------------------
diff --git a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.html b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.html
index d4feb37..c361c2a 100644
--- a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.html
+++ b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.html
@@ -258,259 +258,260 @@
<span class="sourceLineNo">250</span> @Override<a name="line.250"></a>
<span class="sourceLineNo">251</span> public Object run() throws Exception {<a name="line.251"></a>
<span class="sourceLineNo">252</span> ACCESS_CONTROLLER.preModifyNamespace(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.252"></a>
-<span class="sourceLineNo">253</span> NamespaceDescriptor.create(TEST_NAMESPACE).addConfiguration("abc", "156").build());<a name="line.253"></a>
-<span class="sourceLineNo">254</span> return null;<a name="line.254"></a>
-<span class="sourceLineNo">255</span> }<a name="line.255"></a>
-<span class="sourceLineNo">256</span> };<a name="line.256"></a>
-<span class="sourceLineNo">257</span><a name="line.257"></a>
-<span class="sourceLineNo">258</span> // modifyNamespace: superuser | global(A) | NS(A)<a name="line.258"></a>
-<span class="sourceLineNo">259</span> verifyAllowed(modifyNamespace, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);<a name="line.259"></a>
-<span class="sourceLineNo">260</span> verifyDenied(modifyNamespace, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.260"></a>
-<span class="sourceLineNo">261</span> USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.261"></a>
-<span class="sourceLineNo">262</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.262"></a>
-<span class="sourceLineNo">263</span> }<a name="line.263"></a>
-<span class="sourceLineNo">264</span><a name="line.264"></a>
-<span class="sourceLineNo">265</span> @Test<a name="line.265"></a>
-<span class="sourceLineNo">266</span> public void testCreateAndDeleteNamespace() throws Exception {<a name="line.266"></a>
-<span class="sourceLineNo">267</span> AccessTestAction createNamespace = new AccessTestAction() {<a name="line.267"></a>
-<span class="sourceLineNo">268</span> @Override<a name="line.268"></a>
-<span class="sourceLineNo">269</span> public Object run() throws Exception {<a name="line.269"></a>
-<span class="sourceLineNo">270</span> ACCESS_CONTROLLER.preCreateNamespace(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.270"></a>
-<span class="sourceLineNo">271</span> NamespaceDescriptor.create(TEST_NAMESPACE2).build());<a name="line.271"></a>
-<span class="sourceLineNo">272</span> return null;<a name="line.272"></a>
-<span class="sourceLineNo">273</span> }<a name="line.273"></a>
-<span class="sourceLineNo">274</span> };<a name="line.274"></a>
-<span class="sourceLineNo">275</span><a name="line.275"></a>
-<span class="sourceLineNo">276</span> AccessTestAction deleteNamespace = new AccessTestAction() {<a name="line.276"></a>
-<span class="sourceLineNo">277</span> @Override<a name="line.277"></a>
-<span class="sourceLineNo">278</span> public Object run() throws Exception {<a name="line.278"></a>
-<span class="sourceLineNo">279</span> ACCESS_CONTROLLER.preDeleteNamespace(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.279"></a>
-<span class="sourceLineNo">280</span> TEST_NAMESPACE2);<a name="line.280"></a>
-<span class="sourceLineNo">281</span> return null;<a name="line.281"></a>
-<span class="sourceLineNo">282</span> }<a name="line.282"></a>
-<span class="sourceLineNo">283</span> };<a name="line.283"></a>
-<span class="sourceLineNo">284</span><a name="line.284"></a>
-<span class="sourceLineNo">285</span> // createNamespace: superuser | global(A)<a name="line.285"></a>
-<span class="sourceLineNo">286</span> verifyAllowed(createNamespace, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);<a name="line.286"></a>
-<span class="sourceLineNo">287</span> // all others should be denied<a name="line.287"></a>
-<span class="sourceLineNo">288</span> verifyDenied(createNamespace, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.288"></a>
-<span class="sourceLineNo">289</span> USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.289"></a>
-<span class="sourceLineNo">290</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.290"></a>
-<span class="sourceLineNo">291</span><a name="line.291"></a>
-<span class="sourceLineNo">292</span> // deleteNamespace: superuser | global(A) | NS(A)<a name="line.292"></a>
-<span class="sourceLineNo">293</span> verifyAllowed(deleteNamespace, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);<a name="line.293"></a>
-<span class="sourceLineNo">294</span> verifyDenied(deleteNamespace, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.294"></a>
-<span class="sourceLineNo">295</span> USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.295"></a>
-<span class="sourceLineNo">296</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.296"></a>
-<span class="sourceLineNo">297</span> }<a name="line.297"></a>
-<span class="sourceLineNo">298</span><a name="line.298"></a>
-<span class="sourceLineNo">299</span> @Test<a name="line.299"></a>
-<span class="sourceLineNo">300</span> public void testGetNamespaceDescriptor() throws Exception {<a name="line.300"></a>
-<span class="sourceLineNo">301</span> AccessTestAction getNamespaceAction = new AccessTestAction() {<a name="line.301"></a>
-<span class="sourceLineNo">302</span> @Override<a name="line.302"></a>
-<span class="sourceLineNo">303</span> public Object run() throws Exception {<a name="line.303"></a>
-<span class="sourceLineNo">304</span> ACCESS_CONTROLLER.preGetNamespaceDescriptor(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.304"></a>
-<span class="sourceLineNo">305</span> TEST_NAMESPACE);<a name="line.305"></a>
-<span class="sourceLineNo">306</span> return null;<a name="line.306"></a>
-<span class="sourceLineNo">307</span> }<a name="line.307"></a>
-<span class="sourceLineNo">308</span> };<a name="line.308"></a>
-<span class="sourceLineNo">309</span> // getNamespaceDescriptor : superuser | global(A) | NS(A)<a name="line.309"></a>
-<span class="sourceLineNo">310</span> verifyAllowed(getNamespaceAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN,<a name="line.310"></a>
-<span class="sourceLineNo">311</span> USER_GROUP_ADMIN);<a name="line.311"></a>
-<span class="sourceLineNo">312</span> verifyDenied(getNamespaceAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.312"></a>
-<span class="sourceLineNo">313</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.313"></a>
-<span class="sourceLineNo">314</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.314"></a>
-<span class="sourceLineNo">315</span> }<a name="line.315"></a>
-<span class="sourceLineNo">316</span><a name="line.316"></a>
-<span class="sourceLineNo">317</span> @Test<a name="line.317"></a>
-<span class="sourceLineNo">318</span> public void testListNamespaces() throws Exception {<a name="line.318"></a>
-<span class="sourceLineNo">319</span> AccessTestAction listAction = new AccessTestAction() {<a name="line.319"></a>
-<span class="sourceLineNo">320</span> @Override<a name="line.320"></a>
-<span class="sourceLineNo">321</span> public Object run() throws Exception {<a name="line.321"></a>
-<span class="sourceLineNo">322</span> Connection unmanagedConnection =<a name="line.322"></a>
-<span class="sourceLineNo">323</span> ConnectionFactory.createConnection(UTIL.getConfiguration());<a name="line.323"></a>
-<span class="sourceLineNo">324</span> Admin admin = unmanagedConnection.getAdmin();<a name="line.324"></a>
-<span class="sourceLineNo">325</span> try {<a name="line.325"></a>
-<span class="sourceLineNo">326</span> return Arrays.asList(admin.listNamespaceDescriptors());<a name="line.326"></a>
-<span class="sourceLineNo">327</span> } finally {<a name="line.327"></a>
-<span class="sourceLineNo">328</span> admin.close();<a name="line.328"></a>
-<span class="sourceLineNo">329</span> unmanagedConnection.close();<a name="line.329"></a>
-<span class="sourceLineNo">330</span> }<a name="line.330"></a>
-<span class="sourceLineNo">331</span> }<a name="line.331"></a>
-<span class="sourceLineNo">332</span> };<a name="line.332"></a>
-<span class="sourceLineNo">333</span><a name="line.333"></a>
-<span class="sourceLineNo">334</span> // listNamespaces : All access*<a name="line.334"></a>
-<span class="sourceLineNo">335</span> // * Returned list will only show what you can call getNamespaceDescriptor()<a name="line.335"></a>
-<span class="sourceLineNo">336</span><a name="line.336"></a>
-<span class="sourceLineNo">337</span> verifyAllowed(listAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN, USER_GROUP_ADMIN);<a name="line.337"></a>
-<span class="sourceLineNo">338</span><a name="line.338"></a>
-<span class="sourceLineNo">339</span> // we have 3 namespaces: [default, hbase, TEST_NAMESPACE, TEST_NAMESPACE2]<a name="line.339"></a>
-<span class="sourceLineNo">340</span> assertEquals(4, ((List)SUPERUSER.runAs(listAction)).size());<a name="line.340"></a>
-<span class="sourceLineNo">341</span> assertEquals(4, ((List)USER_GLOBAL_ADMIN.runAs(listAction)).size());<a name="line.341"></a>
-<span class="sourceLineNo">342</span> assertEquals(4, ((List)USER_GROUP_ADMIN.runAs(listAction)).size());<a name="line.342"></a>
-<span class="sourceLineNo">343</span><a name="line.343"></a>
-<span class="sourceLineNo">344</span> assertEquals(2, ((List)USER_NS_ADMIN.runAs(listAction)).size());<a name="line.344"></a>
-<span class="sourceLineNo">345</span><a name="line.345"></a>
-<span class="sourceLineNo">346</span> assertEquals(0, ((List)USER_GLOBAL_CREATE.runAs(listAction)).size());<a name="line.346"></a>
-<span class="sourceLineNo">347</span> assertEquals(0, ((List)USER_GLOBAL_WRITE.runAs(listAction)).size());<a name="line.347"></a>
-<span class="sourceLineNo">348</span> assertEquals(0, ((List)USER_GLOBAL_READ.runAs(listAction)).size());<a name="line.348"></a>
-<span class="sourceLineNo">349</span> assertEquals(0, ((List)USER_GLOBAL_EXEC.runAs(listAction)).size());<a name="line.349"></a>
-<span class="sourceLineNo">350</span> assertEquals(0, ((List)USER_NS_CREATE.runAs(listAction)).size());<a name="line.350"></a>
-<span class="sourceLineNo">351</span> assertEquals(0, ((List)USER_NS_WRITE.runAs(listAction)).size());<a name="line.351"></a>
-<span class="sourceLineNo">352</span> assertEquals(0, ((List)USER_NS_READ.runAs(listAction)).size());<a name="line.352"></a>
-<span class="sourceLineNo">353</span> assertEquals(0, ((List)USER_NS_EXEC.runAs(listAction)).size());<a name="line.353"></a>
-<span class="sourceLineNo">354</span> assertEquals(0, ((List)USER_TABLE_CREATE.runAs(listAction)).size());<a name="line.354"></a>
-<span class="sourceLineNo">355</span> assertEquals(0, ((List)USER_TABLE_WRITE.runAs(listAction)).size());<a name="line.355"></a>
-<span class="sourceLineNo">356</span> assertEquals(0, ((List)USER_GROUP_CREATE.runAs(listAction)).size());<a name="line.356"></a>
-<span class="sourceLineNo">357</span> assertEquals(0, ((List)USER_GROUP_READ.runAs(listAction)).size());<a name="line.357"></a>
-<span class="sourceLineNo">358</span> assertEquals(0, ((List)USER_GROUP_WRITE.runAs(listAction)).size());<a name="line.358"></a>
-<span class="sourceLineNo">359</span> }<a name="line.359"></a>
-<span class="sourceLineNo">360</span><a name="line.360"></a>
-<span class="sourceLineNo">361</span> @Test<a name="line.361"></a>
-<span class="sourceLineNo">362</span> public void testGrantRevoke() throws Exception{<a name="line.362"></a>
-<span class="sourceLineNo">363</span> final String testUser = "testUser";<a name="line.363"></a>
-<span class="sourceLineNo">364</span><a name="line.364"></a>
-<span class="sourceLineNo">365</span> // Test if client API actions are authorized<a name="line.365"></a>
-<span class="sourceLineNo">366</span><a name="line.366"></a>
-<span class="sourceLineNo">367</span> AccessTestAction grantAction = new AccessTestAction() {<a name="line.367"></a>
-<span class="sourceLineNo">368</span> @Override<a name="line.368"></a>
-<span class="sourceLineNo">369</span> public Object run() throws Exception {<a name="line.369"></a>
-<span class="sourceLineNo">370</span> Connection connection = ConnectionFactory.createConnection(conf);<a name="line.370"></a>
-<span class="sourceLineNo">371</span> Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME);<a name="line.371"></a>
-<span class="sourceLineNo">372</span> try {<a name="line.372"></a>
-<span class="sourceLineNo">373</span> BlockingRpcChannel service =<a name="line.373"></a>
-<span class="sourceLineNo">374</span> acl.coprocessorService(HConstants.EMPTY_START_ROW);<a name="line.374"></a>
-<span class="sourceLineNo">375</span> AccessControlService.BlockingInterface protocol =<a name="line.375"></a>
-<span class="sourceLineNo">376</span> AccessControlService.newBlockingStub(service);<a name="line.376"></a>
-<span class="sourceLineNo">377</span> AccessControlUtil.grant(null, protocol, testUser, TEST_NAMESPACE, false, Action.WRITE);<a name="line.377"></a>
-<span class="sourceLineNo">378</span> } finally {<a name="line.378"></a>
-<span class="sourceLineNo">379</span> acl.close();<a name="line.379"></a>
-<span class="sourceLineNo">380</span> connection.close();<a name="line.380"></a>
-<span class="sourceLineNo">381</span> }<a name="line.381"></a>
-<span class="sourceLineNo">382</span> return null;<a name="line.382"></a>
-<span class="sourceLineNo">383</span> }<a name="line.383"></a>
-<span class="sourceLineNo">384</span> };<a name="line.384"></a>
-<span class="sourceLineNo">385</span><a name="line.385"></a>
-<span class="sourceLineNo">386</span> AccessTestAction grantNamespaceAction = new AccessTestAction() {<a name="line.386"></a>
-<span class="sourceLineNo">387</span> @Override<a name="line.387"></a>
-<span class="sourceLineNo">388</span> public Object run() throws Exception {<a name="line.388"></a>
-<span class="sourceLineNo">389</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.389"></a>
-<span class="sourceLineNo">390</span> Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {<a name="line.390"></a>
-<span class="sourceLineNo">391</span> BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);<a name="line.391"></a>
-<span class="sourceLineNo">392</span> AccessControlService.BlockingInterface protocol =<a name="line.392"></a>
-<span class="sourceLineNo">393</span> AccessControlService.newBlockingStub(service);<a name="line.393"></a>
-<span class="sourceLineNo">394</span> AccessControlUtil.grant(null, protocol, USER_GROUP_NS_ADMIN.getShortName(),<a name="line.394"></a>
-<span class="sourceLineNo">395</span> TEST_NAMESPACE, false, Action.READ);<a name="line.395"></a>
-<span class="sourceLineNo">396</span> }<a name="line.396"></a>
-<span class="sourceLineNo">397</span> return null;<a name="line.397"></a>
-<span class="sourceLineNo">398</span> }<a name="line.398"></a>
-<span class="sourceLineNo">399</span> };<a name="line.399"></a>
-<span class="sourceLineNo">400</span><a name="line.400"></a>
-<span class="sourceLineNo">401</span> AccessTestAction revokeAction = new AccessTestAction() {<a name="line.401"></a>
-<span class="sourceLineNo">402</span> @Override<a name="line.402"></a>
-<span class="sourceLineNo">403</span> public Object run() throws Exception {<a name="line.403"></a>
-<span class="sourceLineNo">404</span> Connection connection = ConnectionFactory.createConnection(conf);<a name="line.404"></a>
-<span class="sourceLineNo">405</span> Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME);<a name="line.405"></a>
-<span class="sourceLineNo">406</span> try {<a name="line.406"></a>
-<span class="sourceLineNo">407</span> BlockingRpcChannel service =<a name="line.407"></a>
-<span class="sourceLineNo">408</span> acl.coprocessorService(HConstants.EMPTY_START_ROW);<a name="line.408"></a>
-<span class="sourceLineNo">409</span> AccessControlService.BlockingInterface protocol =<a name="line.409"></a>
-<span class="sourceLineNo">410</span> AccessControlService.newBlockingStub(service);<a name="line.410"></a>
-<span class="sourceLineNo">411</span> AccessControlUtil.revoke(null, protocol, testUser, TEST_NAMESPACE, Action.WRITE);<a name="line.411"></a>
-<span class="sourceLineNo">412</span> } finally {<a name="line.412"></a>
-<span class="sourceLineNo">413</span> acl.close();<a name="line.413"></a>
-<span class="sourceLineNo">414</span> connection.close();<a name="line.414"></a>
-<span class="sourceLineNo">415</span> }<a name="line.415"></a>
-<span class="sourceLineNo">416</span> return null;<a name="line.416"></a>
-<span class="sourceLineNo">417</span> }<a name="line.417"></a>
-<span class="sourceLineNo">418</span> };<a name="line.418"></a>
-<span class="sourceLineNo">419</span><a name="line.419"></a>
-<span class="sourceLineNo">420</span> AccessTestAction revokeNamespaceAction = new AccessTestAction() {<a name="line.420"></a>
-<span class="sourceLineNo">421</span> @Override<a name="line.421"></a>
-<span class="sourceLineNo">422</span> public Object run() throws Exception {<a name="line.422"></a>
-<span class="sourceLineNo">423</span> Connection connection = ConnectionFactory.createConnection(conf);<a name="line.423"></a>
-<span class="sourceLineNo">424</span> Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME);<a name="line.424"></a>
-<span class="sourceLineNo">425</span> try {<a name="line.425"></a>
-<span class="sourceLineNo">426</span> BlockingRpcChannel service =<a name="line.426"></a>
-<span class="sourceLineNo">427</span> acl.coprocessorService(HConstants.EMPTY_START_ROW);<a name="line.427"></a>
-<span class="sourceLineNo">428</span> AccessControlService.BlockingInterface protocol =<a name="line.428"></a>
-<span class="sourceLineNo">429</span> AccessControlService.newBlockingStub(service);<a name="line.429"></a>
-<span class="sourceLineNo">430</span> AccessControlUtil.revoke(null, protocol, USER_GROUP_NS_ADMIN.getShortName(),<a name="line.430"></a>
-<span class="sourceLineNo">431</span> TEST_NAMESPACE, Action.READ);<a name="line.431"></a>
-<span class="sourceLineNo">432</span> } finally {<a name="line.432"></a>
-<span class="sourceLineNo">433</span> acl.close();<a name="line.433"></a>
-<span class="sourceLineNo">434</span> connection.close();<a name="line.434"></a>
-<span class="sourceLineNo">435</span> }<a name="line.435"></a>
-<span class="sourceLineNo">436</span> return null;<a name="line.436"></a>
-<span class="sourceLineNo">437</span> }<a name="line.437"></a>
-<span class="sourceLineNo">438</span> };<a name="line.438"></a>
-<span class="sourceLineNo">439</span><a name="line.439"></a>
-<span class="sourceLineNo">440</span> AccessTestAction getPermissionsAction = new AccessTestAction() {<a name="line.440"></a>
-<span class="sourceLineNo">441</span> @Override<a name="line.441"></a>
-<span class="sourceLineNo">442</span> public Object run() throws Exception {<a name="line.442"></a>
-<span class="sourceLineNo">443</span> Connection connection = ConnectionFactory.createConnection(conf);<a name="line.443"></a>
-<span class="sourceLineNo">444</span> Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME);<a name="line.444"></a>
-<span class="sourceLineNo">445</span> try {<a name="line.445"></a>
-<span class="sourceLineNo">446</span> BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);<a name="line.446"></a>
-<span class="sourceLineNo">447</span> AccessControlService.BlockingInterface protocol =<a name="line.447"></a>
-<span class="sourceLineNo">448</span> AccessControlService.newBlockingStub(service);<a name="line.448"></a>
-<span class="sourceLineNo">449</span> AccessControlUtil.getUserPermissions(null, protocol, Bytes.toBytes(TEST_NAMESPACE));<a name="line.449"></a>
-<span class="sourceLineNo">450</span> } finally {<a name="line.450"></a>
-<span class="sourceLineNo">451</span> acl.close();<a name="line.451"></a>
-<span class="sourceLineNo">452</span> connection.close();<a name="line.452"></a>
-<span class="sourceLineNo">453</span> }<a name="line.453"></a>
-<span class="sourceLineNo">454</span> return null;<a name="line.454"></a>
-<span class="sourceLineNo">455</span> }<a name="line.455"></a>
-<span class="sourceLineNo">456</span> };<a name="line.456"></a>
-<span class="sourceLineNo">457</span><a name="line.457"></a>
-<span class="sourceLineNo">458</span> verifyAllowed(grantAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);<a name="line.458"></a>
-<span class="sourceLineNo">459</span> verifyDenied(grantAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.459"></a>
-<span class="sourceLineNo">460</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.460"></a>
-<span class="sourceLineNo">461</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.461"></a>
-<span class="sourceLineNo">462</span><a name="line.462"></a>
-<span class="sourceLineNo">463</span> verifyAllowed(grantNamespaceAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN,<a name="line.463"></a>
-<span class="sourceLineNo">464</span> USER_NS_ADMIN, USER_GROUP_NS_ADMIN);<a name="line.464"></a>
-<span class="sourceLineNo">465</span> verifyDenied(grantNamespaceAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.465"></a>
-<span class="sourceLineNo">466</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.466"></a>
-<span class="sourceLineNo">467</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.467"></a>
-<span class="sourceLineNo">468</span><a name="line.468"></a>
-<span class="sourceLineNo">469</span> verifyAllowed(revokeAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);<a name="line.469"></a>
-<span class="sourceLineNo">470</span> verifyDenied(revokeAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.470"></a>
-<span class="sourceLineNo">471</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.471"></a>
-<span class="sourceLineNo">472</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.472"></a>
-<span class="sourceLineNo">473</span><a name="line.473"></a>
-<span class="sourceLineNo">474</span> verifyAllowed(revokeNamespaceAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN,<a name="line.474"></a>
-<span class="sourceLineNo">475</span> USER_NS_ADMIN, USER_GROUP_NS_ADMIN);<a name="line.475"></a>
-<span class="sourceLineNo">476</span> verifyDenied(revokeNamespaceAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.476"></a>
-<span class="sourceLineNo">477</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.477"></a>
-<span class="sourceLineNo">478</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.478"></a>
-<span class="sourceLineNo">479</span><a name="line.479"></a>
-<span class="sourceLineNo">480</span> verifyAllowed(getPermissionsAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN,<a name="line.480"></a>
-<span class="sourceLineNo">481</span> USER_GROUP_ADMIN);<a name="line.481"></a>
-<span class="sourceLineNo">482</span> verifyDenied(getPermissionsAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.482"></a>
-<span class="sourceLineNo">483</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.483"></a>
-<span class="sourceLineNo">484</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.484"></a>
-<span class="sourceLineNo">485</span> }<a name="line.485"></a>
-<span class="sourceLineNo">486</span><a name="line.486"></a>
-<span class="sourceLineNo">487</span> @Test<a name="line.487"></a>
-<span class="sourceLineNo">488</span> public void testCreateTableWithNamespace() throws Exception {<a name="line.488"></a>
-<span class="sourceLineNo">489</span> AccessTestAction createTable = new AccessTestAction() {<a name="line.489"></a>
-<span class="sourceLineNo">490</span> @Override<a name="line.490"></a>
-<span class="sourceLineNo">491</span> public Object run() throws Exception {<a name="line.491"></a>
-<span class="sourceLineNo">492</span> HTableDescriptor htd = new HTableDescriptor(TableName.valueOf(TEST_TABLE));<a name="line.492"></a>
-<span class="sourceLineNo">493</span> htd.addFamily(new HColumnDescriptor(TEST_FAMILY));<a name="line.493"></a>
-<span class="sourceLineNo">494</span> ACCESS_CONTROLLER.preCreateTable(ObserverContextImpl.createAndPrepare(CP_ENV), htd, null);<a name="line.494"></a>
-<span class="sourceLineNo">495</span> return null;<a name="line.495"></a>
-<span class="sourceLineNo">496</span> }<a name="line.496"></a>
-<span class="sourceLineNo">497</span> };<a name="line.497"></a>
-<span class="sourceLineNo">498</span><a name="line.498"></a>
-<span class="sourceLineNo">499</span> //createTable : superuser | global(C) | NS(C)<a name="line.499"></a>
-<span class="sourceLineNo">500</span> verifyAllowed(createTable, SUPERUSER, USER_GLOBAL_CREATE, USER_NS_CREATE, USER_GROUP_CREATE);<a name="line.500"></a>
-<span class="sourceLineNo">501</span> verifyDenied(createTable, USER_GLOBAL_ADMIN, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.501"></a>
-<span class="sourceLineNo">502</span> USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.502"></a>
-<span class="sourceLineNo">503</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_ADMIN);<a name="line.503"></a>
-<span class="sourceLineNo">504</span> }<a name="line.504"></a>
-<span class="sourceLineNo">505</span>}<a name="line.505"></a>
+<span class="sourceLineNo">253</span> null, // not needed by AccessController<a name="line.253"></a>
+<span class="sourceLineNo">254</span> NamespaceDescriptor.create(TEST_NAMESPACE).addConfiguration("abc", "156").build());<a name="line.254"></a>
+<span class="sourceLineNo">255</span> return null;<a name="line.255"></a>
+<span class="sourceLineNo">256</span> }<a name="line.256"></a>
+<span class="sourceLineNo">257</span> };<a name="line.257"></a>
+<span class="sourceLineNo">258</span><a name="line.258"></a>
+<span class="sourceLineNo">259</span> // modifyNamespace: superuser | global(A) | NS(A)<a name="line.259"></a>
+<span class="sourceLineNo">260</span> verifyAllowed(modifyNamespace, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);<a name="line.260"></a>
+<span class="sourceLineNo">261</span> verifyDenied(modifyNamespace, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.261"></a>
+<span class="sourceLineNo">262</span> USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.262"></a>
+<span class="sourceLineNo">263</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.263"></a>
+<span class="sourceLineNo">264</span> }<a name="line.264"></a>
+<span class="sourceLineNo">265</span><a name="line.265"></a>
+<span class="sourceLineNo">266</span> @Test<a name="line.266"></a>
+<span class="sourceLineNo">267</span> public void testCreateAndDeleteNamespace() throws Exception {<a name="line.267"></a>
+<span class="sourceLineNo">268</span> AccessTestAction createNamespace = new AccessTestAction() {<a name="line.268"></a>
+<span class="sourceLineNo">269</span> @Override<a name="line.269"></a>
+<span class="sourceLineNo">270</span> public Object run() throws Exception {<a name="line.270"></a>
+<span class="sourceLineNo">271</span> ACCESS_CONTROLLER.preCreateNamespace(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.271"></a>
+<span class="sourceLineNo">272</span> NamespaceDescriptor.create(TEST_NAMESPACE2).build());<a name="line.272"></a>
+<span class="sourceLineNo">273</span> return null;<a name="line.273"></a>
+<span class="sourceLineNo">274</span> }<a name="line.274"></a>
+<span class="sourceLineNo">275</span> };<a name="line.275"></a>
+<span class="sourceLineNo">276</span><a name="line.276"></a>
+<span class="sourceLineNo">277</span> AccessTestAction deleteNamespace = new AccessTestAction() {<a name="line.277"></a>
+<span class="sourceLineNo">278</span> @Override<a name="line.278"></a>
+<span class="sourceLineNo">279</span> public Object run() throws Exception {<a name="line.279"></a>
+<span class="sourceLineNo">280</span> ACCESS_CONTROLLER.preDeleteNamespace(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.280"></a>
+<span class="sourceLineNo">281</span> TEST_NAMESPACE2);<a name="line.281"></a>
+<span class="sourceLineNo">282</span> return null;<a name="line.282"></a>
+<span class="sourceLineNo">283</span> }<a name="line.283"></a>
+<span class="sourceLineNo">284</span> };<a name="line.284"></a>
+<span class="sourceLineNo">285</span><a name="line.285"></a>
+<span class="sourceLineNo">286</span> // createNamespace: superuser | global(A)<a name="line.286"></a>
+<span class="sourceLineNo">287</span> verifyAllowed(createNamespace, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);<a name="line.287"></a>
+<span class="sourceLineNo">288</span> // all others should be denied<a name="line.288"></a>
+<span class="sourceLineNo">289</span> verifyDenied(createNamespace, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.289"></a>
+<span class="sourceLineNo">290</span> USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.290"></a>
+<span class="sourceLineNo">291</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.291"></a>
+<span class="sourceLineNo">292</span><a name="line.292"></a>
+<span class="sourceLineNo">293</span> // deleteNamespace: superuser | global(A) | NS(A)<a name="line.293"></a>
+<span class="sourceLineNo">294</span> verifyAllowed(deleteNamespace, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);<a name="line.294"></a>
+<span class="sourceLineNo">295</span> verifyDenied(deleteNamespace, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.295"></a>
+<span class="sourceLineNo">296</span> USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.296"></a>
+<span class="sourceLineNo">297</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.297"></a>
+<span class="sourceLineNo">298</span> }<a name="line.298"></a>
+<span class="sourceLineNo">299</span><a name="line.299"></a>
+<span class="sourceLineNo">300</span> @Test<a name="line.300"></a>
+<span class="sourceLineNo">301</span> public void testGetNamespaceDescriptor() throws Exception {<a name="line.301"></a>
+<span class="sourceLineNo">302</span> AccessTestAction getNamespaceAction = new AccessTestAction() {<a name="line.302"></a>
+<span class="sourceLineNo">303</span> @Override<a name="line.303"></a>
+<span class="sourceLineNo">304</span> public Object run() throws Exception {<a name="line.304"></a>
+<span class="sourceLineNo">305</span> ACCESS_CONTROLLER.preGetNamespaceDescriptor(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.305"></a>
+<span class="sourceLineNo">306</span> TEST_NAMESPACE);<a name="line.306"></a>
+<span class="sourceLineNo">307</span> return null;<a name="line.307"></a>
+<span class="sourceLineNo">308</span> }<a name="line.308"></a>
+<span class="sourceLineNo">309</span> };<a name="line.309"></a>
+<span class="sourceLineNo">310</span> // getNamespaceDescriptor : superuser | global(A) | NS(A)<a name="line.310"></a>
+<span class="sourceLineNo">311</span> verifyAllowed(getNamespaceAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN,<a name="line.311"></a>
+<span class="sourceLineNo">312</span> USER_GROUP_ADMIN);<a name="line.312"></a>
+<span class="sourceLineNo">313</span> verifyDenied(getNamespaceAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.313"></a>
+<span class="sourceLineNo">314</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.314"></a>
+<span class="sourceLineNo">315</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.315"></a>
+<span class="sourceLineNo">316</span> }<a name="line.316"></a>
+<span class="sourceLineNo">317</span><a name="line.317"></a>
+<span class="sourceLineNo">318</span> @Test<a name="line.318"></a>
+<span class="sourceLineNo">319</span> public void testListNamespaces() throws Exception {<a name="line.319"></a>
+<span class="sourceLineNo">320</span> AccessTestAction listAction = new AccessTestAction() {<a name="line.320"></a>
+<span class="sourceLineNo">321</span> @Override<a name="line.321"></a>
+<span class="sourceLineNo">322</span> public Object run() throws Exception {<a name="line.322"></a>
+<span class="sourceLineNo">323</span> Connection unmanagedConnection =<a name="line.323"></a>
+<span class="sourceLineNo">324</span> ConnectionFactory.createConnection(UTIL.getConfiguration());<a name="line.324"></a>
+<span class="sourceLineNo">325</span> Admin admin = unmanagedConnection.getAdmin();<a name="line.325"></a>
+<span class="sourceLineNo">326</span> try {<a name="line.326"></a>
+<span class="sourceLineNo">327</span> return Arrays.asList(admin.listNamespaceDescriptors());<a name="line.327"></a>
+<span class="sourceLineNo">328</span> } finally {<a name="line.328"></a>
+<span class="sourceLineNo">329</span> admin.close();<a name="line.329"></a>
+<span class="sourceLineNo">330</span> unmanagedConnection.close();<a name="line.330"></a>
+<span class="sourceLineNo">331</span> }<a name="line.331"></a>
+<span class="sourceLineNo">332</span> }<a name="line.332"></a>
+<span class="sourceLineNo">333</span> };<a name="line.333"></a>
+<span class="sourceLineNo">334</span><a name="line.334"></a>
+<span class="sourceLineNo">335</span> // listNamespaces : All access*<a name="line.335"></a>
+<span class="sourceLineNo">336</span> // * Returned list will only show what you can call getNamespaceDescriptor()<a name="line.336"></a>
+<span class="sourceLineNo">337</span><a name="line.337"></a>
+<span class="sourceLineNo">338</span> verifyAllowed(listAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN, USER_GROUP_ADMIN);<a name="line.338"></a>
+<span class="sourceLineNo">339</span><a name="line.339"></a>
+<span class="sourceLineNo">340</span> // we have 3 namespaces: [default, hbase, TEST_NAMESPACE, TEST_NAMESPACE2]<a name="line.340"></a>
+<span class="sourceLineNo">341</span> assertEquals(4, ((List)SUPERUSER.runAs(listAction)).size());<a name="line.341"></a>
+<span class="sourceLineNo">342</span> assertEquals(4, ((List)USER_GLOBAL_ADMIN.runAs(listAction)).size());<a name="line.342"></a>
+<span class="sourceLineNo">343</span> assertEquals(4, ((List)USER_GROUP_ADMIN.runAs(listAction)).size());<a name="line.343"></a>
+<span class="sourceLineNo">344</span><a name="line.344"></a>
+<span class="sourceLineNo">345</span> assertEquals(2, ((List)USER_NS_ADMIN.runAs(listAction)).size());<a name="line.345"></a>
+<span class="sourceLineNo">346</span><a name="line.346"></a>
+<span class="sourceLineNo">347</span> assertEquals(0, ((List)USER_GLOBAL_CREATE.runAs(listAction)).size());<a name="line.347"></a>
+<span class="sourceLineNo">348</span> assertEquals(0, ((List)USER_GLOBAL_WRITE.runAs(listAction)).size());<a name="line.348"></a>
+<span class="sourceLineNo">349</span> assertEquals(0, ((List)USER_GLOBAL_READ.runAs(listAction)).size());<a name="line.349"></a>
+<span class="sourceLineNo">350</span> assertEquals(0, ((List)USER_GLOBAL_EXEC.runAs(listAction)).size());<a name="line.350"></a>
+<span class="sourceLineNo">351</span> assertEquals(0, ((List)USER_NS_CREATE.runAs(listAction)).size());<a name="line.351"></a>
+<span class="sourceLineNo">352</span> assertEquals(0, ((List)USER_NS_WRITE.runAs(listAction)).size());<a name="line.352"></a>
+<span class="sourceLineNo">353</span> assertEquals(0, ((List)USER_NS_READ.runAs(listAction)).size());<a name="line.353"></a>
+<span class="sourceLineNo">354</span> assertEquals(0, ((List)USER_NS_EXEC.runAs(listAction)).size());<a name="line.354"></a>
+<span class="sourceLineNo">355</span> assertEquals(0, ((List)USER_TABLE_CREATE.runAs(listAction)).size());<a name="line.355"></a>
+<span class="sourceLineNo">356</span> assertEquals(0, ((List)USER_TABLE_WRITE.runAs(listAction)).size());<a name="line.356"></a>
+<span class="sourceLineNo">357</span> assertEquals(0, ((List)USER_GROUP_CREATE.runAs(listAction)).size());<a name="line.357"></a>
+<span class="sourceLineNo">358</span> assertEquals(0, ((List)USER_GROUP_READ.runAs(listAction)).size());<a name="line.358"></a>
+<span class="sourceLineNo">359</span> assertEquals(0, ((List)USER_GROUP_WRITE.runAs(listAction)).size());<a name="line.359"></a>
+<span class="sourceLineNo">360</span> }<a name="line.360"></a>
+<span class="sourceLineNo">361</span><a name="line.361"></a>
+<span class="sourceLineNo">362</span> @Test<a name="line.362"></a>
+<span class="sourceLineNo">363</span> public void testGrantRevoke() throws Exception{<a name="line.363"></a>
+<span class="sourceLineNo">364</span> final String testUser = "testUser";<a name="line.364"></a>
+<span class="sourceLineNo">365</span><a name="line.365"></a>
+<span class="sourceLineNo">366</span> // Test if client API actions are authorized<a name="line.366"></a>
+<span class="sourceLineNo">367</span><a name="line.367"></a>
+<span class="sourceLineNo">368</span> AccessTestAction grantAction = new AccessTestAction() {<a name="line.368"></a>
+<span class="sourceLineNo">369</span> @Override<a name="line.369"></a>
+<span class="sourceLineNo">370</span> public Object run() throws Exception {<a name="line.370"></a>
+<span class="sourceLineNo">371</span> Connection connection = ConnectionFactory.createConnection(conf);<a name="line.371"></a>
+<span class="sourceLineNo">372</span> Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME);<a name="line.372"></a>
+<span class="sourceLineNo">373</span> try {<a name="line.373"></a>
+<span class="sourceLineNo">374</span> BlockingRpcChannel service =<a name="line.374"></a>
+<span class="sourceLineNo">375</span> acl.coprocessorService(HConstants.EMPTY_START_ROW);<a name="line.375"></a>
+<span class="sourceLineNo">376</span> AccessControlService.BlockingInterface protocol =<a name="line.376"></a>
+<span class="sourceLineNo">377</span> AccessControlService.newBlockingStub(service);<a name="line.377"></a>
+<span class="sourceLineNo">378</span> AccessControlUtil.grant(null, protocol, testUser, TEST_NAMESPACE, false, Action.WRITE);<a name="line.378"></a>
+<span class="sourceLineNo">379</span> } finally {<a name="line.379"></a>
+<span class="sourceLineNo">380</span> acl.close();<a name="line.380"></a>
+<span class="sourceLineNo">381</span> connection.close();<a name="line.381"></a>
+<span class="sourceLineNo">382</span> }<a name="line.382"></a>
+<span class="sourceLineNo">383</span> return null;<a name="line.383"></a>
+<span class="sourceLineNo">384</span> }<a name="line.384"></a>
+<span class="sourceLineNo">385</span> };<a name="line.385"></a>
+<span class="sourceLineNo">386</span><a name="line.386"></a>
+<span class="sourceLineNo">387</span> AccessTestAction grantNamespaceAction = new AccessTestAction() {<a name="line.387"></a>
+<span class="sourceLineNo">388</span> @Override<a name="line.388"></a>
+<span class="sourceLineNo">389</span> public Object run() throws Exception {<a name="line.389"></a>
+<span class="sourceLineNo">390</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.390"></a>
+<span class="sourceLineNo">391</span> Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {<a name="line.391"></a>
+<span class="sourceLineNo">392</span> BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);<a name="line.392"></a>
+<span class="sourceLineNo">393</span> AccessControlService.BlockingInterface protocol =<a name="line.393"></a>
+<span class="sourceLineNo">394</span> AccessControlService.newBlockingStub(service);<a name="line.394"></a>
+<span class="sourceLineNo">395</span> AccessControlUtil.grant(null, protocol, USER_GROUP_NS_ADMIN.getShortName(),<a name="line.395"></a>
+<span class="sourceLineNo">396</span> TEST_NAMESPACE, false, Action.READ);<a name="line.396"></a>
+<span class="sourceLineNo">397</span> }<a name="line.397"></a>
+<span class="sourceLineNo">398</span> return null;<a name="line.398"></a>
+<span class="sourceLineNo">399</span> }<a name="line.399"></a>
+<span class="sourceLineNo">400</span> };<a name="line.400"></a>
+<span class="sourceLineNo">401</span><a name="line.401"></a>
+<span class="sourceLineNo">402</span> AccessTestAction revokeAction = new AccessTestAction() {<a name="line.402"></a>
+<span class="sourceLineNo">403</span> @Override<a name="line.403"></a>
+<span class="sourceLineNo">404</span> public Object run() throws Exception {<a name="line.404"></a>
+<span class="sourceLineNo">405</span> Connection connection = ConnectionFactory.createConnection(conf);<a name="line.405"></a>
+<span class="sourceLineNo">406</span> Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME);<a name="line.406"></a>
+<span class="sourceLineNo">407</span> try {<a name="line.407"></a>
+<span class="sourceLineNo">408</span> BlockingRpcChannel service =<a name="line.408"></a>
+<span class="sourceLineNo">409</span> acl.coprocessorService(HConstants.EMPTY_START_ROW);<a name="line.409"></a>
+<span class="sourceLineNo">410</span> AccessControlService.BlockingInterface protocol =<a name="line.410"></a>
+<span class="sourceLineNo">411</span> AccessControlService.newBlockingStub(service);<a name="line.411"></a>
+<span class="sourceLineNo">412</span> AccessControlUtil.revoke(null, protocol, testUser, TEST_NAMESPACE, Action.WRITE);<a name="line.412"></a>
+<span class="sourceLineNo">413</span> } finally {<a name="line.413"></a>
+<span class="sourceLineNo">414</span> acl.close();<a name="line.414"></a>
+<span class="sourceLineNo">415</span> connection.close();<a name="line.415"></a>
+<span class="sourceLineNo">416</span> }<a name="line.416"></a>
+<span class="sourceLineNo">417</span> return null;<a name="line.417"></a>
+<span class="sourceLineNo">418</span> }<a name="line.418"></a>
+<span class="sourceLineNo">419</span> };<a name="line.419"></a>
+<span class="sourceLineNo">420</span><a name="line.420"></a>
+<span class="sourceLineNo">421</span> AccessTestAction revokeNamespaceAction = new AccessTestAction() {<a name="line.421"></a>
+<span class="sourceLineNo">422</span> @Override<a name="line.422"></a>
+<span class="sourceLineNo">423</span> public Object run() throws Exception {<a name="line.423"></a>
+<span class="sourceLineNo">424</span> Connection connection = ConnectionFactory.createConnection(conf);<a name="line.424"></a>
+<span class="sourceLineNo">425</span> Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME);<a name="line.425"></a>
+<span class="sourceLineNo">426</span> try {<a name="line.426"></a>
+<span class="sourceLineNo">427</span> BlockingRpcChannel service =<a name="line.427"></a>
+<span class="sourceLineNo">428</span> acl.coprocessorService(HConstants.EMPTY_START_ROW);<a name="line.428"></a>
+<span class="sourceLineNo">429</span> AccessControlService.BlockingInterface protocol =<a name="line.429"></a>
+<span class="sourceLineNo">430</span> AccessControlService.newBlockingStub(service);<a name="line.430"></a>
+<span class="sourceLineNo">431</span> AccessControlUtil.revoke(null, protocol, USER_GROUP_NS_ADMIN.getShortName(),<a name="line.431"></a>
+<span class="sourceLineNo">432</span> TEST_NAMESPACE, Action.READ);<a name="line.432"></a>
+<span class="sourceLineNo">433</span> } finally {<a name="line.433"></a>
+<span class="sourceLineNo">434</span> acl.close();<a name="line.434"></a>
+<span class="sourceLineNo">435</span> connection.close();<a name="line.435"></a>
+<span class="sourceLineNo">436</span> }<a name="line.436"></a>
+<span class="sourceLineNo">437</span> return null;<a name="line.437"></a>
+<span class="sourceLineNo">438</span> }<a name="line.438"></a>
+<span class="sourceLineNo">439</span> };<a name="line.439"></a>
+<span class="sourceLineNo">440</span><a name="line.440"></a>
+<span class="sourceLineNo">441</span> AccessTestAction getPermissionsAction = new AccessTestAction() {<a name="line.441"></a>
+<span class="sourceLineNo">442</span> @Override<a name="line.442"></a>
+<span class="sourceLineNo">443</span> public Object run() throws Exception {<a name="line.443"></a>
+<span class="sourceLineNo">444</span> Connection connection = ConnectionFactory.createConnection(conf);<a name="line.444"></a>
+<span class="sourceLineNo">445</span> Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME);<a name="line.445"></a>
+<span class="sourceLineNo">446</span> try {<a name="line.446"></a>
+<span class="sourceLineNo">447</span> BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);<a name="line.447"></a>
+<span class="sourceLineNo">448</span> AccessControlService.BlockingInterface protocol =<a name="line.448"></a>
+<span class="sourceLineNo">449</span> AccessControlService.newBlockingStub(service);<a name="line.449"></a>
+<span class="sourceLineNo">450</span> AccessControlUtil.getUserPermissions(null, protocol, Bytes.toBytes(TEST_NAMESPACE));<a name="line.450"></a>
+<span class="sourceLineNo">451</span> } finally {<a name="line.451"></a>
+<span class="sourceLineNo">452</span> acl.close();<a name="line.452"></a>
+<span class="sourceLineNo">453</span> connection.close();<a name="line.453"></a>
+<span class="sourceLineNo">454</span> }<a name="line.454"></a>
+<span class="sourceLineNo">455</span> return null;<a name="line.455"></a>
+<span class="sourceLineNo">456</span> }<a name="line.456"></a>
+<span class="sourceLineNo">457</span> };<a name="line.457"></a>
+<span class="sourceLineNo">458</span><a name="line.458"></a>
+<span class="sourceLineNo">459</span> verifyAllowed(grantAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);<a name="line.459"></a>
+<span class="sourceLineNo">460</span> verifyDenied(grantAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.460"></a>
+<span class="sourceLineNo">461</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.461"></a>
+<span class="sourceLineNo">462</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.462"></a>
+<span class="sourceLineNo">463</span><a name="line.463"></a>
+<span class="sourceLineNo">464</span> verifyAllowed(grantNamespaceAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN,<a name="line.464"></a>
+<span class="sourceLineNo">465</span> USER_NS_ADMIN, USER_GROUP_NS_ADMIN);<a name="line.465"></a>
+<span class="sourceLineNo">466</span> verifyDenied(grantNamespaceAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.466"></a>
+<span class="sourceLineNo">467</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.467"></a>
+<span class="sourceLineNo">468</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.468"></a>
+<span class="sourceLineNo">469</span><a name="line.469"></a>
+<span class="sourceLineNo">470</span> verifyAllowed(revokeAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);<a name="line.470"></a>
+<span class="sourceLineNo">471</span> verifyDenied(revokeAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.471"></a>
+<span class="sourceLineNo">472</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.472"></a>
+<span class="sourceLineNo">473</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.473"></a>
+<span class="sourceLineNo">474</span><a name="line.474"></a>
+<span class="sourceLineNo">475</span> verifyAllowed(revokeNamespaceAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN,<a name="line.475"></a>
+<span class="sourceLineNo">476</span> USER_NS_ADMIN, USER_GROUP_NS_ADMIN);<a name="line.476"></a>
+<span class="sourceLineNo">477</span> verifyDenied(revokeNamespaceAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.477"></a>
+<span class="sourceLineNo">478</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.478"></a>
+<span class="sourceLineNo">479</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.479"></a>
+<span class="sourceLineNo">480</span><a name="line.480"></a>
+<span class="sourceLineNo">481</span> verifyAllowed(getPermissionsAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN,<a name="line.481"></a>
+<span class="sourceLineNo">482</span> USER_GROUP_ADMIN);<a name="line.482"></a>
+<span class="sourceLineNo">483</span> verifyDenied(getPermissionsAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.483"></a>
+<span class="sourceLineNo">484</span> USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.484"></a>
+<span class="sourceLineNo">485</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.485"></a>
+<span class="sourceLineNo">486</span> }<a name="line.486"></a>
+<span class="sourceLineNo">487</span><a name="line.487"></a>
+<span class="sourceLineNo">488</span> @Test<a name="line.488"></a>
+<span class="sourceLineNo">489</span> public void testCreateTableWithNamespace() throws Exception {<a name="line.489"></a>
+<span class="sourceLineNo">490</span> AccessTestAction createTable = new AccessTestAction() {<a name="line.490"></a>
+<span class="sourceLineNo">491</span> @Override<a name="line.491"></a>
+<span class="sourceLineNo">492</span> public Object run() throws Exception {<a name="line.492"></a>
+<span class="sourceLineNo">493</span> HTableDescriptor htd = new HTableDescriptor(TableName.valueOf(TEST_TABLE));<a name="line.493"></a>
+<span class="sourceLineNo">494</span> htd.addFamily(new HColumnDescriptor(TEST_FAMILY));<a name="line.494"></a>
+<span class="sourceLineNo">495</span> ACCESS_CONTROLLER.preCreateTable(ObserverContextImpl.createAndPrepare(CP_ENV), htd, null);<a name="line.495"></a>
+<span class="sourceLineNo">496</span> return null;<a name="line.496"></a>
+<span class="sourceLineNo">497</span> }<a name="line.497"></a>
+<span class="sourceLineNo">498</span> };<a name="line.498"></a>
+<span class="sourceLineNo">499</span><a name="line.499"></a>
+<span class="sourceLineNo">500</span> //createTable : superuser | global(C) | NS(C)<a name="line.500"></a>
+<span class="sourceLineNo">501</span> verifyAllowed(createTable, SUPERUSER, USER_GLOBAL_CREATE, USER_NS_CREATE, USER_GROUP_CREATE);<a name="line.501"></a>
+<span class="sourceLineNo">502</span> verifyDenied(createTable, USER_GLOBAL_ADMIN, USER_GLOBAL_WRITE, USER_GLOBAL_READ,<a name="line.502"></a>
+<span class="sourceLineNo">503</span> USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,<a name="line.503"></a>
+<span class="sourceLineNo">504</span> USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_ADMIN);<a name="line.504"></a>
+<span class="sourceLineNo">505</span> }<a name="line.505"></a>
+<span class="sourceLineNo">506</span>}<a name="line.506"></a>