[jira] [Commented] (HBASE-18437) Revoke access permissions of a user from a table does not work as expected

Mon, 07 Aug 2017 19:34:00 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-18437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16117755#comment-16117755
 ] 

Ashish Singhi commented on HBASE-18437:
---------------------------------------

bq. The permsList is obtained for this user and why again user check? Sorry not 
getting. Or u have to check the table details?
The permlist is obtained for acl table, the row key in acl table is the 
tablename, it will return all the global user names.
Below is the acl table scan output for better understanding,
{noformat}
hbase(main):011:0> scan 'hbase:acl'
ROW                                                          COLUMN+CELL
 hbase:acl                                                   column=l:ashish, 
timestamp=1502156949293, value=RWXCA
 hbase:acl                                                   column=l:singhi, 
timestamp=1502159481193, value=RW
 t1                                                          column=l:hbase, 
timestamp=1501849980130, value=RWXCA
 t12                                                         column=l:hbase, 
timestamp=1502156979137, value=RWXCA
3 row(s) in 0.0140 seconds
{noformat}

> Revoke access permissions of a user from a table does not work as expected
> --------------------------------------------------------------------------
>
>                 Key: HBASE-18437
>                 URL: https://issues.apache.org/jira/browse/HBASE-18437
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.1.12
>            Reporter: Ashish Singhi
>            Assignee: Ashish Singhi
>         Attachments: HBASE-18437.patch
>
>
> A table for which a user was granted 'RW' permission. Now when we want to 
> revoke its 'W' permission only, code removes the user itself from that table 
> permissions.
> Below is the test code which reproduces the issue.
> {noformat}
> @Test(timeout = 180000)
>   public void testRevokeOnlySomePerms() throws Throwable {
>     TableName name = TableName.valueOf("testAgain");
>     HTableDescriptor htd = new HTableDescriptor(name);
>     HColumnDescriptor hcd = new HColumnDescriptor("cf");
>     htd.addFamily(hcd);
>     createTable(TEST_UTIL, htd);
>     TEST_UTIL.waitUntilAllRegionsAssigned(name);
>     try (Connection conn = ConnectionFactory.createConnection(conf)) {
>       AccessControlClient.grant(conn, name, USER_RO.getShortName(), null, 
> null, Action.READ, Action.WRITE);
>       ListMultimap<String, TablePermission> tablePermissions = 
> AccessControlLists.getTablePermissions(conf, name);
>       // hbase user and USER_RO has permis
>       assertEquals(2, tablePermissions.size());
>       AccessControlClient.revoke(conn, name, USER_RO.getShortName(), null, 
> null, Action.WRITE);
>       tablePermissions = AccessControlLists.getTablePermissions(conf, name);
>       List<TablePermission> userPerm = 
> tablePermissions.get(USER_RO.getShortName());
>       assertEquals(1, userPerm.size());
>     } finally {
>       deleteTable(TEST_UTIL, name);
>     }
>   }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to