HBASE-11008 Align bulk load, flush, and compact to require Action.CREATE
git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1590124 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
6a127224e6
commit
e1a767105d
|
@ -1219,7 +1219,8 @@ public class AccessController extends BaseRegionObserver
|
|||
|
||||
@Override
|
||||
public void preFlush(ObserverContext<RegionCoprocessorEnvironment> e) throws IOException {
|
||||
requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN);
|
||||
requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN,
|
||||
Action.CREATE);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -1237,7 +1238,8 @@ public class AccessController extends BaseRegionObserver
|
|||
public InternalScanner preCompact(ObserverContext<RegionCoprocessorEnvironment> e,
|
||||
final Store store, final InternalScanner scanner, final ScanType scanType)
|
||||
throws IOException {
|
||||
requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN);
|
||||
requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN,
|
||||
Action.CREATE);
|
||||
return scanner;
|
||||
}
|
||||
|
||||
|
@ -1549,7 +1551,7 @@ public class AccessController extends BaseRegionObserver
|
|||
ctx.getEnvironment().getRegion().getTableDesc().getTableName(),
|
||||
el.getFirst(),
|
||||
null,
|
||||
Permission.Action.WRITE);
|
||||
Action.CREATE);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -616,8 +616,8 @@ public class TestAccessController extends SecureTestUtil {
|
|||
}
|
||||
};
|
||||
|
||||
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
|
||||
verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
|
||||
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
|
||||
verifyDenied(action, USER_RW, USER_RO, USER_NONE);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -631,8 +631,8 @@ public class TestAccessController extends SecureTestUtil {
|
|||
}
|
||||
};
|
||||
|
||||
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
|
||||
verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
|
||||
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
|
||||
verifyDenied(action, USER_RW, USER_RO, USER_NONE);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -602,14 +602,6 @@ Access control mechanisms are mature and fairly standardized in the relational d
|
|||
<entry></entry>
|
||||
<entry>CheckAndDelete/Put</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry></entry>
|
||||
<entry>Flush</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry></entry>
|
||||
<entry>Compact</entry>
|
||||
</row>
|
||||
<!-- CREATE -->
|
||||
<row>
|
||||
<entry>Create</entry>
|
||||
|
@ -623,6 +615,10 @@ Access control mechanisms are mature and fairly standardized in the relational d
|
|||
<entry></entry>
|
||||
<entry>Drop</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry></entry>
|
||||
<entry>Bulk Load</entry>
|
||||
</row>
|
||||
<!-- ADMIN -->
|
||||
<row>
|
||||
<entry>Admin</entry>
|
||||
|
@ -636,6 +632,14 @@ Access control mechanisms are mature and fairly standardized in the relational d
|
|||
<entry></entry>
|
||||
<entry>Split</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry></entry>
|
||||
<entry>Flush</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry></entry>
|
||||
<entry>Compact</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry></entry>
|
||||
<entry>Major Compact</entry>
|
||||
|
|
Loading…
Reference in New Issue