[ https://issues.apache.org/jira/browse/HBASE-22581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
István Tóth updated HBASE-22581: -------------------------------- Attachment: HBASE-22581.branch-2.1.001.patch Status: Patch Available (was: Open) Should I add the unit test for master as well ? > user with "CREATE" permission can grant, but not revoke permissions on > created table > ------------------------------------------------------------------------------------ > > Key: HBASE-22581 > URL: https://issues.apache.org/jira/browse/HBASE-22581 > Project: HBase > Issue Type: Bug > Components: security > Affects Versions: 2.1.5, 2.1.1, 2.1.6 > Reporter: István Tóth > Assignee: István Tóth > Priority: Major > Attachments: HBASE-22581.branch-2.1.001.patch > > > A user that only has global or namespace "CREATE" permission can grant > permissions to another user on its created table, but cannot revoke them. > This bug exists on branch-2.1, from 2.1.1 > 2.0, 2.1.0, master, and branch-2.2 are not effected. > The bug can be triggered via hbase shell: > {code:java} > #Start hbase shell as superuse > #export HADOOP_USER_NAME=hbase > hbase shell > grant 'regularUser1', 'C' > exit > #Run hbase shell as regularUser1 > #grant, then revoke 'RX' permission to regularUser2 > #export HADOOP_USER_NAME=regularUser1 > hbase shell > create 'nunuke','nunuke' > grant 'regularUser2', 'RX', 'nunuke' > #This will fail on 2.1.1+ > revoke 'regularUser2', 'nunuke' > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)