You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Laxman (JIRA)" <ji...@apache.org> on 2012/06/19 12:20:43 UTC
[jira] [Created] (HBASE-6238) Grant on Meta Table is not taking
affect.
Laxman created HBASE-6238:
-----------------------------
Summary: Grant on Meta Table is not taking affect.
Key: HBASE-6238
URL: https://issues.apache.org/jira/browse/HBASE-6238
Project: HBase
Issue Type: Sub-task
Components: security
Affects Versions: 0.94.0, 0.96.0, 0.94.1
Reporter: Laxman
Assignee: Laxman
User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6238) Grant on Meta Table is not taking
affect.
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13397004#comment-13397004 ]
Laxman commented on HBASE-6238:
-------------------------------
context: http://mail-archives.apache.org/mod_mbox/hbase-dev/201206.mbox/%3CCA%2BRK%3D_C%3D0JnJ0CCJVYCicrWCn6gPn1zoBDahUP6xaKGZPYDBVA%40mail.gmail.com%3E
Before correcting in ruby scripts, I tried to edit/flush META after giving permissions appropriate permissions on META table to a user (non-super user). I was expecting the operation to succeed. But it didn't due to above piece of code.
bq. What are the exceptions to that rule?
In one of our scenario, owner of a table needs to pre-create regions (>=1000) by directly adding entries to META & flushes META.
If we remove the snippet of code which I quoted in my previous comments, META will be treated as any other table.
Should we proceed with removing this piece of code?
Note: Irrespective of this change, we may still needs to correct the ruby scripts as discussed on dev mailing list. Will file a JIRA separately.
> Grant on Meta Table is not taking affect.
> -----------------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6238) Grant on Meta Table is not taking
affect.
Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13396916#comment-13396916 ]
Andrew Purtell commented on HBASE-6238:
---------------------------------------
Yes, we can remove unnecessary code.
But let us examine also what you are trying to accomplish. IMO, META should have a global permission where every user can read it and nobody but the system principal can write it. What are the exceptions to that rule?
> Grant on Meta Table is not taking affect.
> -----------------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6238) Grant on Meta Table is not taking
affect.
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13397053#comment-13397053 ]
Hadoop QA commented on HBASE-6238:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12532596/HBASE-6238.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 hadoop2.0. The patch compiles against the hadoop 2.0 profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
-1 findbugs. The patch appears to introduce 7 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.hbase.replication.TestReplication
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/2192//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2192//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2192//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/2192//console
This message is automatically generated.
> Grant on Meta Table is not taking affect.
> -----------------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Attachments: HBASE-6238.patch
>
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6238) Grant on META not taking effect
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13397987#comment-13397987 ]
Hudson commented on HBASE-6238:
-------------------------------
Integrated in HBase-TRUNK #3052 (See [https://builds.apache.org/job/HBase-TRUNK/3052/])
HBASE-6238. Grant on META not taking effect (Laxman) (Revision 1352356)
Result = FAILURE
apurtell :
Files :
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
> Grant on META not taking effect
> -------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6238.patch
>
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6238) Grant on META not taking effect
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398023#comment-13398023 ]
Hudson commented on HBASE-6238:
-------------------------------
Integrated in HBase-0.94 #267 (See [https://builds.apache.org/job/HBase-0.94/267/])
HBASE-6238. Grant on META not taking effect (Laxman) (Revision 1352358)
Result = FAILURE
apurtell :
Files :
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
> Grant on META not taking effect
> -------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6238.patch
>
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-6238) Grant on Meta Table is not taking
affect.
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laxman updated HBASE-6238:
--------------------------
Attachment: HBASE-6238.patch
> Grant on Meta Table is not taking affect.
> -----------------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Attachments: HBASE-6238.patch
>
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6238) Grant on META not taking effect
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398010#comment-13398010 ]
Hudson commented on HBASE-6238:
-------------------------------
Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #61 (See [https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/61/])
HBASE-6238. Grant on META not taking effect (Laxman) (Revision 1352356)
Result = FAILURE
apurtell :
Files :
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
> Grant on META not taking effect
> -------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6238.patch
>
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-6238) Grant on META not taking effect
Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Purtell updated HBASE-6238:
----------------------------------
Summary: Grant on META not taking effect (was: Grant on Meta Table is not taking affect.)
> Grant on META not taking effect
> -------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Attachments: HBASE-6238.patch
>
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-6238) Grant on META not taking effect
Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Purtell updated HBASE-6238:
----------------------------------
Resolution: Fixed
Fix Version/s: 0.94.1
0.96.0
Hadoop Flags: Reviewed
Status: Resolved (was: Patch Available)
Committed to trunk and 0.94 branch. TestAccessController passes locally. Many thanks for the patch Laxman!
> Grant on META not taking effect
> -------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6238.patch
>
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (HBASE-6238) Grant on META not taking effect
Posted by "Lars Hofhansl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lars Hofhansl closed HBASE-6238.
--------------------------------
> Grant on META not taking effect
> -------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.94.1, 0.96.0
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.94.1, 0.96.0
>
> Attachments: HBASE-6238.patch
>
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6238) Grant on META not taking effect
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13400030#comment-13400030 ]
Hudson commented on HBASE-6238:
-------------------------------
Integrated in HBase-0.94-security #37 (See [https://builds.apache.org/job/HBase-0.94-security/37/])
HBASE-6238. Grant on META not taking effect (Laxman) (Revision 1352358)
Result = SUCCESS
apurtell :
Files :
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
> Grant on META not taking effect
> -------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6238.patch
>
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-6238) Grant on Meta Table is not taking
affect.
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laxman updated HBASE-6238:
--------------------------
Status: Patch Available (was: Open)
> Grant on Meta Table is not taking affect.
> -----------------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Attachments: HBASE-6238.patch
>
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6238) Grant on Meta Table is not taking
affect.
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13396678#comment-13396678 ]
Laxman commented on HBASE-6238:
-------------------------------
Seems to be problem following code snippet in AccessControlLists.getTablePermissions(Configuration, byte[])
{noformat}
/* TODO: -ROOT- and .META. cannot easily be handled because they must be
* online before _acl_ table. Can anything be done here?
*/
if (Bytes.equals(tableName, HConstants.ROOT_TABLE_NAME) ||
Bytes.equals(tableName, HConstants.META_TABLE_NAME)) {
return ArrayListMultimap.create(0,0);
}
{noformat}
I don't see a scenario why special handling ROOT & META tables are required.
Can this snippet be removed or you see any problem?
> Grant on Meta Table is not taking affect.
> -----------------------------------------
>
> Key: HBASE-6238
> URL: https://issues.apache.org/jira/browse/HBASE-6238
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
>
> User is not able to perform authorized operations on Meta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira