[
https://issues.apache.org/jira/browse/HBASE-12634?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14233941#comment-14233941
]
Ashish Singhi commented on HBASE-12634:
---------------------------------------
I meant, user having admin rights on a namespace will be able to perform
Create/Delete/Modify namespace operation on that namespace only.
I hope Anoop that answers your question.
But here create namespace ideally should authorize for user having global
admins rights not admin right on the namespace which is requested to create.
Namespace is still not created here.
But it passes away since we have an 'OR' condition.
Should I change
{code} requireGlobalPermission("createNamespace", Action.ADMIN, ns.getName());
{code} to {code}requirePermission("createNamespace", Action.ADMIN);{code} In
this jira or another jira ?
> Fix the AccessController#requireGlobalPermission(ns) with NS
> -------------------------------------------------------------
>
> Key: HBASE-12634
> URL: https://issues.apache.org/jira/browse/HBASE-12634
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 0.98.8
> Reporter: Ashish Singhi
> Assignee: Ashish Singhi
> Fix For: 1.0.0, 2.0.0, 0.98.9
>
> Attachments: HBASE-12634-v2.patch, HBASE-12634.patch
>
>
> The namespace argument passed to AccessController#requireGlobalPermission API
> to authorize namespace is actually not authorizing it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
