Apache/hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-13239 HBase grant at specific column level does not work for Groups

Browse Source
This commit is contained in:
tedyu 2015-03-14 20:21:37 -07:00
parent df238346d2
commit 01bc979ea2
1 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
View File

@ -295,7 +295,7 @@ public class TableAuthManager {
} }
} }
} else if (LOG.isDebugEnabled()) { } else if (LOG.isDebugEnabled()) {
LOG.debug("No permissions found"); LOG.debug("No permissions found for " + action);
} }
return false; return false;
@ -488,20 +488,26 @@ public class TableAuthManager {
* permissions. * permissions.
*/ */
public boolean authorizeGroup(String groupName, Permission.Action action) { public boolean authorizeGroup(String groupName, Permission.Action action) {
return authorize(globalCache.getGroup(groupName), action); List<Permission> perms = globalCache.getGroup(groupName);
if (LOG.isDebugEnabled()) {
LOG.debug("authorizing " + (perms != null && !perms.isEmpty() ? perms.get(0) : "") +
" for " + action);
}
return authorize(perms, action);
} }
/** /**
* Checks authorization to a given table and column family for a group, based * Checks authorization to a given table, column family and column for a group, based
* on the stored permissions. * on the stored permissions.
* @param groupName * @param groupName
* @param table * @param table
* @param family * @param family
* @param qualifier
* @param action * @param action
* @return true if known and authorized, false otherwise * @return true if known and authorized, false otherwise
*/ */
public boolean authorizeGroup(String groupName, TableName table, byte[] family, public boolean authorizeGroup(String groupName, TableName table, byte[] family,
Permission.Action action) { byte[] qualifier, Permission.Action action) {
// Global authorization supercedes table level // Global authorization supercedes table level
if (authorizeGroup(groupName, action)) { if (authorizeGroup(groupName, action)) {
return true; return true;
@ -513,7 +519,13 @@ public class TableAuthManager {
return true; return true;
} }
// Check table level // Check table level
return authorize(getTablePermissions(table).getGroup(groupName), table, family, action); List<TablePermission> tblPerms = getTablePermissions(table).getGroup(groupName);
if (LOG.isDebugEnabled()) {
LOG.debug("authorizing " + (tblPerms != null && !tblPerms.isEmpty() ? tblPerms.get(0) : "") +
" for " +groupName + " on " + table + "." + Bytes.toString(family) + "." +
Bytes.toString(qualifier) + " with " + action);
}
return authorize(tblPerms, table, family, qualifier, action);
} }
/** /**
@ -548,7 +560,7 @@ public class TableAuthManager {
String[] groups = user.getGroupNames(); String[] groups = user.getGroupNames();
if (groups != null) { if (groups != null) {
for (String group : groups) { for (String group : groups) {
if (authorizeGroup(group, table, family, action)) { if (authorizeGroup(group, table, family, qualifier, action)) {
return true; return true;
} }
} }