[ https://issues.apache.org/jira/browse/HBASE-5787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matteo Bertozzi updated HBASE-5787: ----------------------------------- Attachment: HBASE-5787-tests-wrong-names.patch Test seems ok, (tested against 0.94) I've also attached a patch to fix some "copy-paste" code. {code} Running org.apache.hadoop.hbase.security.access.TestZKPermissionsWatcher Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 13.659 sec Running org.apache.hadoop.hbase.security.access.TestAccessControlFilter Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 18.746 sec Running org.apache.hadoop.hbase.security.access.TestAccessController Tests run: 21, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 34.119 sec Running org.apache.hadoop.hbase.security.access.TestTablePermissions Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 28.822 sec Results : Tests run: 27, Failures: 0, Errors: 0, Skipped: 0 {code} > Table owner can't disable/delete its own table > ---------------------------------------------- > > Key: HBASE-5787 > URL: https://issues.apache.org/jira/browse/HBASE-5787 > Project: HBase > Issue Type: Bug > Components: security > Affects Versions: 0.92.1, 0.94.0, 0.96.0 > Reporter: Matteo Bertozzi > Assignee: Matteo Bertozzi > Priority: Minor > Labels: acl, security > Attachments: HBASE-5787-tests-wrong-names.patch, HBASE-5787-v0.patch > > > An user with CREATE privileges can create a table, but can not disable it, > because disable operation require ADMIN privileges. Also if a table is > already disabled, anyone can remove it. > {code} > public void preDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c, > byte[] tableName) throws IOException { > requirePermission(Permission.Action.CREATE); > } > public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> c, > byte[] tableName) throws IOException { > /* TODO: Allow for users with global CREATE permission and the table owner > */ > requirePermission(Permission.Action.ADMIN); > } > {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira