Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-11008 Align bulk load, flush, and compact to require Action.CREATE 

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1590124 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jean-Daniel Cryans 2014-04-25 20:00:21 +00:00
parent 6a127224e6
commit e1a767105d
3 changed files with 21 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
View File

@ -1219,7 +1219,8 @@ public class AccessController extends BaseRegionObserver
@Override @Override
public void preFlush(ObserverContext<RegionCoprocessorEnvironment> e) throws IOException { public void preFlush(ObserverContext<RegionCoprocessorEnvironment> e) throws IOException {
requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN); requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN,
Action.CREATE);
} }
@Override @Override
@ -1237,7 +1238,8 @@ public class AccessController extends BaseRegionObserver
public InternalScanner preCompact(ObserverContext<RegionCoprocessorEnvironment> e, public InternalScanner preCompact(ObserverContext<RegionCoprocessorEnvironment> e,
final Store store, final InternalScanner scanner, final ScanType scanType) final Store store, final InternalScanner scanner, final ScanType scanType)
throws IOException { throws IOException {
requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN); requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN,
Action.CREATE);
return scanner; return scanner;
} }
@ -1549,7 +1551,7 @@ public class AccessController extends BaseRegionObserver
ctx.getEnvironment().getRegion().getTableDesc().getTableName(), ctx.getEnvironment().getRegion().getTableDesc().getTableName(),
el.getFirst(), el.getFirst(),
null, null,
Permission.Action.WRITE); Action.CREATE);
} }
} }

8
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
View File

@ -616,8 +616,8 @@ public class TestAccessController extends SecureTestUtil {
} }
}; };
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER); verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE); verifyDenied(action, USER_RW, USER_RO, USER_NONE);
} }
@Test @Test
@ -631,8 +631,8 @@ public class TestAccessController extends SecureTestUtil {
} }
}; };
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER); verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE); verifyDenied(action, USER_RW, USER_RO, USER_NONE);
} }
@Test @Test

20
src/main/docbkx/security.xml
View File

@ -602,14 +602,6 @@ Access control mechanisms are mature and fairly standardized in the relational d
<entry></entry> <entry></entry>
<entry>CheckAndDelete/Put</entry> <entry>CheckAndDelete/Put</entry>
</row> </row>
<row>
<entry></entry>
<entry>Flush</entry>
</row>
<row>
<entry></entry>
<entry>Compact</entry>
</row>
<!-- CREATE --> <!-- CREATE -->
<row> <row>
<entry>Create</entry> <entry>Create</entry>
@ -623,6 +615,10 @@ Access control mechanisms are mature and fairly standardized in the relational d
<entry></entry> <entry></entry>
<entry>Drop</entry> <entry>Drop</entry>
</row> </row>
<row>
<entry></entry>
<entry>Bulk Load</entry>
</row>
<!-- ADMIN --> <!-- ADMIN -->
<row> <row>
<entry>Admin</entry> <entry>Admin</entry>
@ -636,6 +632,14 @@ Access control mechanisms are mature and fairly standardized in the relational d
<entry></entry> <entry></entry>
<entry>Split</entry> <entry>Split</entry>
</row> </row>
<row>
<entry></entry>
<entry>Flush</entry>
</row>
<row>
<entry></entry>
<entry>Compact</entry>
</row>
<row> <row>
<entry></entry> <entry></entry>
<entry>Major Compact</entry> <entry>Major Compact</entry>