[jira] [Updated] (HBASE-12811) [AccessController] NPE while scan a table with user associated with multiple groups.

Tue, 06 Jan 2015 09:45:55 -0800 

     [ 
https://issues.apache.org/jira/browse/HBASE-12811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrew Purtell updated HBASE-12811:
-----------------------------------
    Fix Version/s: 1.1.0
                   0.98.10
                   2.0.0
                   1.0.0
          Summary: [AccessController] NPE while scan a table with user 
associated with multiple groups.  (was: NPE while scan a table with user 
associated with multiple groups.)

> [AccessController] NPE while scan a table with user associated with multiple 
> groups.
> ------------------------------------------------------------------------------------
>
>                 Key: HBASE-12811
>                 URL: https://issues.apache.org/jira/browse/HBASE-12811
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.98.9
>            Reporter: Ashish Singhi
>            Assignee: Ashish Singhi
>             Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0
>
>
> A user is associated with two groups.
> {noformat}
> /hbase/bin> groups ashish_test
> ashish_test : defaultgroup ashish_test_1420524824527
> {noformat}
> One of its group is granted permission on a table as shown by user_permission 
> command.
> {noformat}
> hbase(main):005:0> user_permission 't1'
> User                                                 
> Table,Family,Qualifier:Permission
>  @ashish_test_1420524824527                          t1,,: [Permission: 
> actions=EXEC,WRITE,CREATE]
>  @ashish_test_1420524824527                          t1,d,: [Permission: 
> actions=EXEC,WRITE,CREATE]
>  hbase                                               t1,,: [Permission: 
> actions=READ,WRITE,EXEC,CREATE,ADMIN]
> 3 row(s) in 0.3710 seconds
> {noformat}
> Now when this user try the scan the table, we get the following exception.
> {noformat}
> java.lang.NullPointerException
>       at 
> org.apache.hadoop.hbase.security.access.TablePermission.implies(TablePermission.java:215)
>       at 
> org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:340)
>       at 
> org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:332)
>       at 
> org.apache.hadoop.hbase.security.access.TableAuthManager.authorizeGroup(TableAuthManager.java:473)
>       at 
> org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:490)
>       at 
> org.apache.hadoop.hbase.security.access.TableAuthManager.authorize(TableAuthManager.java:500)
>       at 
> org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:415)
>       at 
> org.apache.hadoop.hbase.security.access.AccessController.permissionGranted(AccessController.java:484)
>       at 
> org.apache.hadoop.hbase.security.access.AccessController.internalPreRead(AccessController.java:1504)
>       at 
> org.apache.hadoop.hbase.security.access.AccessController.preScannerOpen(AccessController.java:2027)
>       at 
> org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preScannerOpen(RegionCoprocessorHost.java:1987)
>       at 
> org.apache.hadoop.hbase.regionserver.HRegionServer.scan(HRegionServer.java:3102)
> {noformat}
> *Note:* Line numbers may not match.
> Exception is coming because the other group of same user which has not been 
> granted permission on the table will have the TablePermission's table(name) 
> as null.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to