Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-13826 Unable to create table when group acls are appropriately set.

This commit is contained in:
Srikanth Srungarapu 2015-06-02 22:37:41 -07:00
parent 722fd17069
commit fad545652f
2 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
View File

@ -392,7 +392,7 @@ public class TableAuthManager {
public boolean authorize(User user, String namespace, Permission.Action action) { public boolean authorize(User user, String namespace, Permission.Action action) {
// Global authorizations supercede namespace level // Global authorizations supercede namespace level
if (authorizeUser(user, action)) { if (authorize(user, action)) {
return true; return true;
} }
// Check namespace permissions // Check namespace permissions
@ -430,14 +430,6 @@ public class TableAuthManager {
return false; return false;
} }
/**
* Checks global authorization for a specific action for a user, based on the
* stored user permissions.
*/
public boolean authorizeUser(User user, Permission.Action action) {
return authorize(globalCache.getUser(user.getShortName()), action);
}
/** /**
* Checks authorization to a given table and column family for a user, based on the * Checks authorization to a given table and column family for a user, based on the
* stored user permissions. * stored user permissions.

21
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
View File

@ -198,6 +198,27 @@ public class TestAccessController2 extends SecureTestUtil {
assertTrue(perms.get(0).implies(Permission.Action.ADMIN)); assertTrue(perms.get(0).implies(Permission.Action.ADMIN));
} }
@Test
public void testCreateTableWithGroupPermissions() throws Exception {
grantGlobal(TEST_UTIL, convertToGroup(TESTGROUP_1), Action.CREATE);
AccessTestAction createAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
HTableDescriptor desc = new HTableDescriptor(TEST_TABLE.getTableName());
desc.addFamily(new HColumnDescriptor(TEST_FAMILY));
try (Connection connection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {
try (Admin admin = connection.getAdmin()) {
admin.createTable(desc);
}
}
return null;
}
};
verifyAllowed(createAction, TESTGROUP1_USER1);
verifyDenied(createAction, TESTGROUP2_USER1);
revokeGlobal(TEST_UTIL, convertToGroup(TESTGROUP_1), Action.CREATE);
}
@Test @Test
public void testACLTableAccess() throws Exception { public void testACLTableAccess() throws Exception {
final Configuration conf = TEST_UTIL.getConfiguration(); final Configuration conf = TEST_UTIL.getConfiguration();