You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by "Ashish Singhi (JIRA)" <ji...@apache.org> on 2015/01/06 07:31:34 UTC

[jira] [Created] (HBASE-12811) NPE while scan a table with user associated with multiple groups.

Ashish Singhi created HBASE-12811:
-------------------------------------

             Summary: NPE while scan a table with user associated with multiple groups.
                 Key: HBASE-12811
                 URL: https://issues.apache.org/jira/browse/HBASE-12811
             Project: HBase
          Issue Type: Bug
          Components: security
    Affects Versions: 0.98.9
            Reporter: Ashish Singhi
            Assignee: Ashish Singhi


A user is associated with two groups.
{noformat}
/hbase/bin> groups ashish_test
ashish_test : defaultgroup ashish_test_1420524824527
{noformat}

One of its group is granted permission on a table as shown by user_permission command.
{noformat}
hbase(main):005:0> user_permission 't1'
User                                                 Table,Family,Qualifier:Permission
 @ashish_test_1420524824527                          t1,,: [Permission: actions=EXEC,WRITE,CREATE]
 @ashish_test_1420524824527                          t1,d,: [Permission: actions=EXEC,WRITE,CREATE]
 hbase                                               t1,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
3 row(s) in 0.3710 seconds
{noformat}

Now when this user try the scan the table, we get the following exception.
{noformat}
java.lang.NullPointerException
	at org.apache.hadoop.hbase.security.access.TablePermission.implies(TablePermission.java:215)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:340)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:332)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorizeGroup(TableAuthManager.java:473)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:490)
	at org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:500)
	at org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:415)
	at org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:484)
	at org.apache.hadoop.hbase.security.access.AccessController.internalPreRead(AccessController.java:1504)
	at org.apache.hadoop.hbase.security.access.AccessController.preScannerOpen(AccessController.java:2027)
	at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preScannerOpen(RegionCoprocessorHost.java:1987)
	at org.apache.hadoop.hbase.regionserver.HRegionServer.scan(HRegionServer.java:3102)
{noformat}
*Note:* Line numbers may not match.

Exception is coming because the other group of same user which has not been granted permission on the table will have the TablePermission's table(name) as null.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)