HBASE-11008 Align bulk load, flush, and compact to require Action.CREATE

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1590124 13f79535-47bb-0310-9956-ffa450edef68

hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java

@@ -1219,7 +1219,8 @@ public class AccessController extends BaseRegionObserver
 
   @Override
   public void preFlush(ObserverContext<RegionCoprocessorEnvironment> e) throws IOException {
-    requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN);
+    requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN,
+        Action.CREATE);
   }
 
   @Override
@@ -1237,7 +1238,8 @@ public class AccessController extends BaseRegionObserver
   public InternalScanner preCompact(ObserverContext<RegionCoprocessorEnvironment> e,
       final Store store, final InternalScanner scanner, final ScanType scanType)
           throws IOException {
-    requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN);
+    requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN,
+        Action.CREATE);
     return scanner;
   }
 
@@ -1549,7 +1551,7 @@ public class AccessController extends BaseRegionObserver
           ctx.getEnvironment().getRegion().getTableDesc().getTableName(),
           el.getFirst(),
           null,
-          Permission.Action.WRITE);
+          Action.CREATE);
     }
   }
 

hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java

@@ -616,8 +616,8 @@ public class TestAccessController extends SecureTestUtil {
       }
     };
 
-    verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
-    verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
+    verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
+    verifyDenied(action, USER_RW, USER_RO, USER_NONE);
   }
 
   @Test
@@ -631,8 +631,8 @@ public class TestAccessController extends SecureTestUtil {
       }
     };
 
-    verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
-    verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
+    verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
+    verifyDenied(action, USER_RW, USER_RO, USER_NONE);
   }
 
   @Test

src/main/docbkx/security.xml

@@ -602,14 +602,6 @@ Access control mechanisms are mature and fairly standardized in the relational d
           <entry></entry>
           <entry>CheckAndDelete/Put</entry>
         </row>
-        <row>
-          <entry></entry>
-          <entry>Flush</entry>
-        </row>
-        <row>
-          <entry></entry>
-          <entry>Compact</entry>
-        </row>
         <!-- CREATE -->
         <row>
           <entry>Create</entry>
@@ -623,6 +615,10 @@ Access control mechanisms are mature and fairly standardized in the relational d
           <entry></entry>
           <entry>Drop</entry>
         </row>
+        <row>
+          <entry></entry>
+          <entry>Bulk Load</entry>
+        </row>
         <!-- ADMIN -->
         <row>
           <entry>Admin</entry>
@@ -636,6 +632,14 @@ Access control mechanisms are mature and fairly standardized in the relational d
           <entry></entry>
           <entry>Split</entry>
         </row>
+        <row>
+          <entry></entry>
+          <entry>Flush</entry>
+        </row>
+        <row>
+          <entry></entry>
+          <entry>Compact</entry>
+        </row>
         <row>
           <entry></entry>
           <entry>Major Compact</entry>