d82b07dc6db0f1c693f6a56e80a0f965bace2cbd,hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java,TestAccessController,testPostGrantRevokeAtQualifierLevel,#,1095
Before Change
// only grant write permission
// TODO: comment this portion after HBASE-3583
ProtobufUtil.grant(protocol, user.getShortName(),
tableName, family1, qualifier, Permission.Action.WRITE);
Thread.sleep(100);
verifyDenied(user, getQualifierAction);
After Change
acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel service = acl.coprocessorService(tableName);
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
ProtobufUtil.grant(protocol, user.getShortName(),
tableName, family1, qualifier, Permission.Action.READ);
} finally {
acl.close();
}
Thread.sleep(100);
verifyAllowed(user, getQualifierAction);
verifyDenied(user, putQualifierAction);
verifyDenied(user, deleteQualifierAction);
// only grant write permission
// TODO: comment this portion after HBASE-3583
acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel service = acl.coprocessorService(tableName);
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
ProtobufUtil.grant(protocol, user.getShortName(),
tableName, family1, qualifier, Permission.Action.WRITE);
} finally {
acl.close();
}
Thread.sleep(100);
verifyDenied(user, getQualifierAction);
verifyAllowed(user, putQualifierAction);
verifyAllowed(user, deleteQualifierAction);
// grant both read and write permission.
acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel service = acl.coprocessorService(tableName);
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
ProtobufUtil.grant(protocol, user.getShortName(),
tableName, family1, qualifier,
Permission.Action.READ, Permission.Action.WRITE);
} finally {
acl.close();
}
Thread.sleep(100);
verifyAllowed(user, getQualifierAction);
verifyAllowed(user, putQualifierAction);
verifyAllowed(user, deleteQualifierAction);
// revoke family level permission won't impact column level.
acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel service = acl.coprocessorService(tableName);
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
ProtobufUtil.revoke(protocol, user.getShortName(),
tableName, family1, qualifier);
} finally {