Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-12774 Fix the inconsistent permission checks for bulkloading. (Srikanth Srungarapu)

This commit is contained in:
Enis Soztutar 2015-01-21 17:03:55 -08:00
parent 735fe20029
commit 8793383b66
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
View File

@ -1958,7 +1958,7 @@ public class AccessController extends BaseMasterAndRegionObserver
} }
/** /**
* Verifies user has WRITE privileges on * Verifies user has CREATE privileges on
* the Column Families involved in the bulkLoadHFile * the Column Families involved in the bulkLoadHFile
* request. Specific Column Write privileges are presently * request. Specific Column Write privileges are presently
* ignored. * ignored.
@ -2015,11 +2015,11 @@ public class AccessController extends BaseMasterAndRegionObserver
PrepareBulkLoadRequest request) throws IOException { PrepareBulkLoadRequest request) throws IOException {
RegionCoprocessorEnvironment e = ctx.getEnvironment(); RegionCoprocessorEnvironment e = ctx.getEnvironment();
AuthResult authResult = hasSomeAccess(e, "prePrepareBulkLoad", Action.WRITE); AuthResult authResult = hasSomeAccess(e, "prePrepareBulkLoad", Action.CREATE);
logResult(authResult); logResult(authResult);
if (!authResult.isAllowed()) { if (!authResult.isAllowed()) {
throw new AccessDeniedException("Insufficient permissions (table=" + throw new AccessDeniedException("Insufficient permissions (table=" +
e.getRegion().getTableDesc().getTableName() + ", action=WRITE)"); e.getRegion().getTableDesc().getTableName() + ", action=CREATE)");
} }
} }
@ -2035,11 +2035,11 @@ public class AccessController extends BaseMasterAndRegionObserver
CleanupBulkLoadRequest request) throws IOException { CleanupBulkLoadRequest request) throws IOException {
RegionCoprocessorEnvironment e = ctx.getEnvironment(); RegionCoprocessorEnvironment e = ctx.getEnvironment();
AuthResult authResult = hasSomeAccess(e, "preCleanupBulkLoad", Action.WRITE); AuthResult authResult = hasSomeAccess(e, "preCleanupBulkLoad", Action.CREATE);
logResult(authResult); logResult(authResult);
if (!authResult.isAllowed()) { if (!authResult.isAllowed()) {
throw new AccessDeniedException("Insufficient permissions (table=" + throw new AccessDeniedException("Insufficient permissions (table=" +
e.getRegion().getTableDesc().getTableName() + ", action=WRITE)"); e.getRegion().getTableDesc().getTableName() + ", action=CREATE)");
} }
} }