You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "István Tóth (JIRA)" <ji...@apache.org> on 2019/06/14 06:40:00 UTC

[jira] [Created] (HBASE-22581) user with "CREATE" permission can grant, but not revoke permissions on created table

István Tóth created HBASE-22581:
-----------------------------------

             Summary: user with "CREATE" permission can grant, but not revoke permissions on created table
                 Key: HBASE-22581
                 URL: https://issues.apache.org/jira/browse/HBASE-22581
             Project: HBase
          Issue Type: Bug
          Components: security
    Affects Versions: 2.1.5, 2.1.1, 2.1.6
            Reporter: István Tóth


A user that only has global or namespace "CREATE" permission can grant permissions to another user on its created table, but cannot revoke them.

This bug exists on branch-2.1, from 2.1.1 

2.0, 2.1.0, master, and branch-2.2 are not effected.

The bug can be triggered via hbase shell:
{code:java}
#Start hbase shell as superuse 
#export HADOOP_USER_NAME=hbase 
hbase shell
grant 'regularUser1', 'C'
exit
#Run hbase shell as regularUser1
#grant, then revoke 'RX' permission to regularUser2
#export HADOOP_USER_NAME=regularUser1
hbase shell
create 'nunuke','nunuke'
grant 'regularUser2', 'RX', 'nunuke'
#This will fail on 2.1.1+
revoke 'regularUser2', 'nunuke'
{code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)