You are correct in your understanding of namespace permissions. That check is a sanity check for fast failure of your job if you can't read the table. I think you might be right that it's not checking if you have read permission inherited from the namespace. It is possible that the check's implementation will also check if you have the permission at the table's namespace level, but I can't verify the implementation at the moment. If it doesn't, then this sanity check's lack of consideration for namespaces is a bug.
On Tue, Jul 17, 2018 at 4:28 PM James Srinivasan <james.sriniva...@gmail.com> wrote: > Hi all, > > I'm a little confused regarding Namespace and table permissions. My > assumption is that granting Namespace.READ will allow a user to read > all tables in a namespace, even those which are created after the > permission is granted, but before the client tries to access the > table. My specific issue seems to be that > InputConfigurator.validatePermisisons > ( > https://github.com/apache/accumulo/blob/rel/1.9.0/core/src/main/java/org/apache/accumulo/core/client/mapreduce/lib/impl/InputConfigurator.java#L782 > ) > seems to only check the table, and not the namespace permissions. Is > my assumption correct? Is there a way of granting the permission I > need? > > Many thanks, > > James >