You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Laxman (JIRA)" <ji...@apache.org> on 2012/06/08 12:44:23 UTC
[jira] [Updated] (HBASE-5372) Table mutation operations should
check table level rights, not global rights
[ https://issues.apache.org/jira/browse/HBASE-5372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laxman updated HBASE-5372:
--------------------------
Tags: Huawei
Fix Version/s: 0.94.1
0.96.0
Labels: security (was: )
Affects Version/s: 0.94.1
0.96.0
0.94.0
Status: Patch Available (was: Open)
Corrected ACL as per the matrix.
https://issues.apache.org/jira/secure/attachment/12531252/Security-ACL%20Matrix.pdf
Please review the patch.
> Table mutation operations should check table level rights, not global rights
> -----------------------------------------------------------------------------
>
> Key: HBASE-5372
> URL: https://issues.apache.org/jira/browse/HBASE-5372
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Enis Soztutar
> Assignee: Laxman
> Labels: security
> Fix For: 0.96.0, 0.94.1
>
>
> getUserPermissions(tableName)/grant/revoke and drop/modify table operations should not check for global CREATE/ADMIN rights, but table CREATE/ADMIN rights. The reasoning is that if a user is able to admin or read from a table, she should be able to read the table's permissions. We can choose whether we want only READ or ADMIN permissions for getUserPermission(). Since we check for global permissions first for table permissions, configuring table access using global permissions will continue to work.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira