[ https://issues.apache.org/jira/browse/HBASE-6188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13393391#comment-13393391 ]
Laxman commented on HBASE-6188: ------------------------------- Thanks for pointing it out Andy. I couldn't notice these test failures as they are intermittent failures. Even in QA bot build also passing. I will correct this. {quote} The new code in postCreateTable must make a special case for the ACL table. It's not possible to call AccessControlLists.addUserPermission before the ACL table is deployed, i.e. created. {quote} Introducing a check like below is fine? {code} public void postCreateTable(ObserverContext<MasterCoprocessorEnvironment> c, HTableDescriptor desc, HRegionInfo[] regions) throws IOException { if (!AccessControlLists.isAclTable(desc)) { String owner = desc.getOwnerString(); // default the table owner to current user, if not specified. if (owner == null) owner = getActiveUser().getShortName(); UserPermission userperm = new UserPermission(Bytes.toBytes(owner), desc.getName(), null, Action.values()); AccessControlLists.addUserPermission(c.getEnvironment().getConfiguration(), userperm); } } {code} Apologies for the noise due to multiple submissions for this issue. > Remove the concept of table owner > --------------------------------- > > Key: HBASE-6188 > URL: https://issues.apache.org/jira/browse/HBASE-6188 > Project: HBase > Issue Type: Sub-task > Components: security > Affects Versions: 0.94.0, 0.96.0, 0.94.1 > Reporter: Andrew Purtell > Assignee: Laxman > Labels: security > Fix For: 0.96.0, 0.94.1 > > Attachments: HBASE-6188.1.patch, HBASE-6188.2.patch, HBASE-6188.patch > > > The table owner concept was a design simplification in the initial drop. > First, the design changes under review means only a user with GLOBAL CREATE > permission can create a table, which will probably be an administrator. > Then, granting implicit permissions may lead to oversights and it adds > unnecessary conditionals to our code. So instead the administrator with > GLOBAL CREATE permission should make the appropriate grants at table create > time. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira