You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@accumulo.apache.org by "John Vines (Created) (JIRA)" <ji...@apache.org> on 2012/01/05 21:12:39 UTC

[jira] [Created] (ACCUMULO-264) Users with the create permission but no tthe grant permission have the ability to create a new user with arbitrary scan authorizations

Users with the create permission but no tthe grant permission have the ability to create a new user with arbitrary scan authorizations
--------------------------------------------------------------------------------------------------------------------------------------

                 Key: ACCUMULO-264
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-264
             Project: Accumulo
          Issue Type: Bug
          Components: client, master
            Reporter: John Vines
            Assignee: Billie Rinaldi
             Fix For: 1.4.0


Possible solutions- check both create and grant when doing an operation that does two actions
OR
only allow users to create a new user with a subset of their own authorizations.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (ACCUMULO-264) Users with the create permission but no tthe grant permission have the ability to create a new user with arbitrary scan authorizations

Posted by "John Vines (Resolved) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/ACCUMULO-264?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

John Vines resolved ACCUMULO-264.
---------------------------------

    Resolution: Fixed

We now through BAD_AUTHORIZATIONS if the new users permissions are not held by the creator, if the creator does not have ALTER_USER.
                
> Users with the create permission but no tthe grant permission have the ability to create a new user with arbitrary scan authorizations
> --------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ACCUMULO-264
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-264
>             Project: Accumulo
>          Issue Type: Bug
>          Components: client, master
>            Reporter: John Vines
>            Assignee: John Vines
>              Labels: security
>             Fix For: 1.4.0
>
>
> Possible solutions- check both create and grant when doing an operation that does two actions
> OR
> only allow users to create a new user with a subset of their own authorizations.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Assigned] (ACCUMULO-264) Users with the create permission but no tthe grant permission have the ability to create a new user with arbitrary scan authorizations

Posted by "John Vines (Assigned) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/ACCUMULO-264?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

John Vines reassigned ACCUMULO-264:
-----------------------------------

    Assignee: John Vines  (was: Billie Rinaldi)
    
> Users with the create permission but no tthe grant permission have the ability to create a new user with arbitrary scan authorizations
> --------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ACCUMULO-264
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-264
>             Project: Accumulo
>          Issue Type: Bug
>          Components: client, master
>            Reporter: John Vines
>            Assignee: John Vines
>              Labels: security
>             Fix For: 1.4.0
>
>
> Possible solutions- check both create and grant when doing an operation that does two actions
> OR
> only allow users to create a new user with a subset of their own authorizations.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira