You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@accumulo.apache.org by "John Vines (Assigned) (JIRA)" <ji...@apache.org> on 2012/01/06 22:24:39 UTC

[jira] [Assigned] (ACCUMULO-264) Users with the create permission but no tthe grant permission have the ability to create a new user with arbitrary scan authorizations

     [ https://issues.apache.org/jira/browse/ACCUMULO-264?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

John Vines reassigned ACCUMULO-264:
-----------------------------------

    Assignee: John Vines  (was: Billie Rinaldi)
    
> Users with the create permission but no tthe grant permission have the ability to create a new user with arbitrary scan authorizations
> --------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ACCUMULO-264
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-264
>             Project: Accumulo
>          Issue Type: Bug
>          Components: client, master
>            Reporter: John Vines
>            Assignee: John Vines
>              Labels: security
>             Fix For: 1.4.0
>
>
> Possible solutions- check both create and grant when doing an operation that does two actions
> OR
> only allow users to create a new user with a subset of their own authorizations.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira