[
https://issues.apache.org/jira/browse/HBASE-13241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14362239#comment-14362239
]
Srikanth Srungarapu commented on HBASE-13241:
---------------------------------------------
A few comments.
- Per my understanding, what the following statement does is it tries to check
whether the users SUPERUSER, USER1_TESTGROUP_TABLE, USER2_TESTGROUP_TABLE were
able to perform grantActionAtTableLevel action which is granting permissions to
group. Please try looking at *TestAccessController#testGrantRevoke* for more
background. So, my guess we don't need these statements as we're concerned
about whether scan works for the users having proper actions.
{code}
+ verifyAllowed(grantActionAtTableLevel, SUPERUSER, USER1_TESTGROUP_TABLE,
USER2_TESTGROUP_TABLE);
{code}
- My suggestion is instead of adding a new test class which spins up a new
cluster, we can make use of existing
*TestAccessController#testPostGrantRevokeAtQualifierLevel* by adding new groups
with users in them and add them to verifyAllowed, verifyDenied appropriately.
What do you think?
> Add tests for group level grants
> --------------------------------
>
> Key: HBASE-13241
> URL: https://issues.apache.org/jira/browse/HBASE-13241
> Project: HBase
> Issue Type: Improvement
> Components: security, test
> Reporter: Sean Busbey
> Assignee: Ashish Singhi
> Priority: Critical
> Attachments: HBASE-13241-v1.patch, HBASE-13241-v2.patch,
> HBASE-13241.patch
>
>
> We need to have tests for group-level grants for various scopes. ref:
> HBASE-13239
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
