[jira] [Updated] (HBASE-5787) Table owner can't disable/delete its own table

Sun, 15 Apr 2012 03:43:44 -0700 

     [ 
https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matteo Bertozzi updated HBASE-5787:
-----------------------------------

    Attachment: HBASE-5787-tests-wrong-names.patch

Test seems ok, (tested against 0.94)
I've also attached a patch to fix some "copy-paste" code.
{code}
Running org.apache.hadoop.hbase.security.access.TestZKPermissionsWatcher
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 13.659 sec
Running org.apache.hadoop.hbase.security.access.TestAccessControlFilter
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 18.746 sec
Running org.apache.hadoop.hbase.security.access.TestAccessController
Tests run: 21, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 34.119 sec
Running org.apache.hadoop.hbase.security.access.TestTablePermissions
Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 28.822 sec

Results :
Tests run: 27, Failures: 0, Errors: 0, Skipped: 0
{code}
                
> Table owner can't disable/delete its own table
> ----------------------------------------------
>
>                 Key: HBASE-5787
>                 URL: https://issues.apache.org/jira/browse/HBASE-5787
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.92.1, 0.94.0, 0.96.0
>            Reporter: Matteo Bertozzi
>            Assignee: Matteo Bertozzi
>            Priority: Minor
>              Labels: acl, security
>         Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch
>
>
> An user with CREATE privileges can create a table, but can not disable it, 
> because disable operation require ADMIN privileges. Also if a table is 
> already disabled, anyone can remove it.
> {code}
> public void preDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c,
>     byte[] tableName) throws IOException {
>   requirePermission(Permission.Action.CREATE);
> }
> public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> c,
>     byte[] tableName) throws IOException {
>   /* TODO: Allow for users with global CREATE permission and the table owner 
> */
>   requirePermission(Permission.Action.ADMIN);
> }
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to