You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@accumulo.apache.org by GitBox <gi...@apache.org> on 2022/10/11 11:29:11 UTC

[GitHub] [accumulo] cshannon commented on a diff in pull request #3011: Add ALTER_NAMESPACE permission for root user to Accumulo and Default namespaces

cshannon commented on code in PR #3011:
URL: https://github.com/apache/accumulo/pull/3011#discussion_r992196983


##########
server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java:
##########
@@ -396,11 +398,14 @@ public void initializeSecurity(TCredentials itw, String rootuser)
     tablePerms.put(RootTable.ID, Collections.singleton(TablePermission.ALTER_TABLE));
     tablePerms.put(MetadataTable.ID, Collections.singleton(TablePermission.ALTER_TABLE));
     // essentially the same but on the system namespace, the ALTER_TABLE permission is now redundant
+    // After PR #2994 which added security checks for configuration we need to also add
+    // ALTER_NAMESPACE
+    // to both Default and Accumulo Namespaces for the root user.
     Map<NamespaceId,Set<NamespacePermission>> namespacePerms = new HashMap<>();
-    namespacePerms.put(Namespace.ACCUMULO.id(),
+    namespacePerms.put(Namespace.DEFAULT.id(),

Review Comment:
   You can't remove this or it doesn't work. You have to grant ALTER_NAMESPACE to the default namespace or else when you use the config command as the root user on a table in the default namespace you get a permission error.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@accumulo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org