Description
A user that only has global or namespace "CREATE" permission can grant permissions to another user on its created table, but cannot revoke them.
This bug exists on branch-2.1, from 2.1.1
2.0, 2.1.0, master, and branch-2.2 are not effected.
The bug can be triggered via hbase shell:
#Start hbase shell as superuse #export HADOOP_USER_NAME=hbase hbase shell grant 'regularUser1', 'C' exit #Run hbase shell as regularUser1 #grant, then revoke 'RX' permission to regularUser2 #export HADOOP_USER_NAME=regularUser1 hbase shell create 'nunuke','nunuke' grant 'regularUser2', 'RX', 'nunuke' #This will fail on 2.1.1+ revoke 'regularUser2', 'nunuke'
Attachments
Attachments
Issue Links
- Dependent
-
PHOENIX-5161 ChangePermissionsIT is failing in CDH6 branch
- Resolved
- is caused by
-
HBASE-21385 HTable.delete request use rpc call directly instead of AsyncProcess
- Resolved