[
https://issues.apache.org/jira/browse/HBASE-6061?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13282173#comment-13282173
]
Laxman commented on HBASE-6061:
-------------------------------
Sorry for late reporting.
Still some inconsistency exists after patch. We actually need to check for
table permissions instead of global permissions here.
{code}
+ private void requireTableAdminPermission(MasterCoprocessorEnvironment e,
+ byte[] tableName) throws IOException {
+ if (isActiveUserTableOwner(e, tableName)) {
+ requirePermission(Permission.Action.CREATE);
+ } else {
+ requirePermission(Permission.Action.ADMIN);
+ }
+ }
{code}
I think this needs to be handled as separate jira.
> Fix ACL "Admin" Table inconsistent permission check
> ---------------------------------------------------
>
> Key: HBASE-6061
> URL: https://issues.apache.org/jira/browse/HBASE-6061
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.92.1, 0.94.0, 0.96.0
> Reporter: Matteo Bertozzi
> Assignee: Matteo Bertozzi
> Labels: acl, security
> Fix For: 0.92.2, 0.96.0, 0.94.1
>
> Attachments: HBASE-6061-0.92.patch, HBASE-6061-v0.patch,
> HBASE-6061-v1.patch
>
>
> the requirePermission() check for "admin" operation on a table is currently
> inconsistent.
> Table Owner with CREATE rights (that means, the owner has created that table)
> can enable/disable and delete the table but needs ADMIN rights to
> add/remove/modify a column.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
