You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@accumulo.apache.org by "John Vines (Assigned) (JIRA)" <ji...@apache.org> on 2012/01/06 22:24:39 UTC
[jira] [Assigned] (ACCUMULO-264) Users with the create permission
but no tthe grant permission have the ability to create a new user with
arbitrary scan authorizations
[ https://issues.apache.org/jira/browse/ACCUMULO-264?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Vines reassigned ACCUMULO-264:
-----------------------------------
Assignee: John Vines (was: Billie Rinaldi)
> Users with the create permission but no tthe grant permission have the ability to create a new user with arbitrary scan authorizations
> --------------------------------------------------------------------------------------------------------------------------------------
>
> Key: ACCUMULO-264
> URL: https://issues.apache.org/jira/browse/ACCUMULO-264
> Project: Accumulo
> Issue Type: Bug
> Components: client, master
> Reporter: John Vines
> Assignee: John Vines
> Labels: security
> Fix For: 1.4.0
>
>
> Possible solutions- check both create and grant when doing an operation that does two actions
> OR
> only allow users to create a new user with a subset of their own authorizations.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira