[jira] [Updated] (HBASE-14950) Create table with AC fails when quota is enabled

Mon, 22 Apr 2019 08:58:08 -0700 


     [ 
https://issues.apache.org/jira/browse/HBASE-14950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Biju Nair updated HBASE-14950:
------------------------------
    Labels: quota  (was: )

> Create table with AC fails when quota is enabled
> ------------------------------------------------
>
>                 Key: HBASE-14950
>                 URL: https://issues.apache.org/jira/browse/HBASE-14950
>             Project: HBase
>          Issue Type: Bug
>          Components: proc-v2
>    Affects Versions: 1.1.2
>            Reporter: Ashish Singhi
>            Priority: Critical
>              Labels: quota
>
> Scenario:
> 1. Set hbase.quota.enabled to true
> 2. As per the [ACL matrix | 
> http://hbase.apache.org/book.html#appendix_acl_matrix] for create table, 
> grant '@group1', 'C', '@ns1'
> 3. From a user of group1, create 't1', 'd'  -- *Failed*
> {noformat}
> ERROR: java.io.IOException: Namespace Descriptor found null for ns1 This is 
> unexpected.
>       at 
> org.apache.hadoop.hbase.namespace.NamespaceStateManager.checkAndUpdateNamespaceTableCount(NamespaceStateManager.java:170)
>       at 
> org.apache.hadoop.hbase.namespace.NamespaceAuditor.checkQuotaToCreateTable(NamespaceAuditor.java:76)
>       at 
> org.apache.hadoop.hbase.quotas.MasterQuotaManager.checkNamespaceTableAndRegionQuota(MasterQuotaManager.java:312)
>       at org.apache.hadoop.hbase.master.HMaster.createTable(HMaster.java:1445)
>       at 
> org.apache.hadoop.hbase.master.MasterRpcServices.createTable(MasterRpcServices.java:428)
>       at 
> org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:49404)
>       at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2136)
>       at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:107)
>       at 
> org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:133)
>       at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:108)
>       at java.lang.Thread.run(Thread.java:745)
> {noformat}
> When quota is enabled, then as part of createTable we internally also call 
> getNamespaceDescriptor which needs 'A' privilege.
> So when quota is enabled we need both C and A permission to create a table. 
> ACL Matrix needs to be updated.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to