[ https://issues.apache.org/jira/browse/HBASE-22581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16864591#comment-16864591 ]
István Tóth commented on HBASE-22581: ------------------------------------- patch 003 fixes the checkstyle error. > user with "CREATE" permission can grant, but not revoke permissions on > created table > ------------------------------------------------------------------------------------ > > Key: HBASE-22581 > URL: https://issues.apache.org/jira/browse/HBASE-22581 > Project: HBase > Issue Type: Bug > Components: security > Affects Versions: 2.1.1, 2.1.5, 2.1.6 > Reporter: István Tóth > Assignee: István Tóth > Priority: Major > Attachments: HBASE-22581.branch-2.1.001.patch, > HBASE-22581.branch-2.1.002.patch, HBASE-22581.branch-2.1.003.patch, > HBASE-22581.master.001.patch > > > A user that only has global or namespace "CREATE" permission can grant > permissions to another user on its created table, but cannot revoke them. > This bug exists on branch-2.1, from 2.1.1 > 2.0, 2.1.0, master, and branch-2.2 are not effected. > The bug can be triggered via hbase shell: > {code:java} > #Start hbase shell as superuse > #export HADOOP_USER_NAME=hbase > hbase shell > grant 'regularUser1', 'C' > exit > #Run hbase shell as regularUser1 > #grant, then revoke 'RX' permission to regularUser2 > #export HADOOP_USER_NAME=regularUser1 > hbase shell > create 'nunuke','nunuke' > grant 'regularUser2', 'RX', 'nunuke' > #This will fail on 2.1.1+ > revoke 'regularUser2', 'nunuke' > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)