[ https://issues.apache.org/jira/browse/HBASE-13241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14362239#comment-14362239 ]
Srikanth Srungarapu commented on HBASE-13241: --------------------------------------------- A few comments. - Per my understanding, what the following statement does is it tries to check whether the users SUPERUSER, USER1_TESTGROUP_TABLE, USER2_TESTGROUP_TABLE were able to perform grantActionAtTableLevel action which is granting permissions to group. Please try looking at *TestAccessController#testGrantRevoke* for more background. So, my guess we don't need these statements as we're concerned about whether scan works for the users having proper actions. {code} + verifyAllowed(grantActionAtTableLevel, SUPERUSER, USER1_TESTGROUP_TABLE, USER2_TESTGROUP_TABLE); {code} - My suggestion is instead of adding a new test class which spins up a new cluster, we can make use of existing *TestAccessController#testPostGrantRevokeAtQualifierLevel* by adding new groups with users in them and add them to verifyAllowed, verifyDenied appropriately. What do you think? > Add tests for group level grants > -------------------------------- > > Key: HBASE-13241 > URL: https://issues.apache.org/jira/browse/HBASE-13241 > Project: HBase > Issue Type: Improvement > Components: security, test > Reporter: Sean Busbey > Assignee: Ashish Singhi > Priority: Critical > Attachments: HBASE-13241-v1.patch, HBASE-13241-v2.patch, > HBASE-13241.patch > > > We need to have tests for group-level grants for various scopes. ref: > HBASE-13239 -- This message was sent by Atlassian JIRA (v6.3.4#6332)