diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SnapshotScannerHDFSAclController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SnapshotScannerHDFSAclController.java index 4eb40019b6d6..f4e4a4a9ffb3 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SnapshotScannerHDFSAclController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SnapshotScannerHDFSAclController.java @@ -555,7 +555,7 @@ boolean checkInitialized(String operation) { if (aclTableInitialized) { return true; } else { - LOG.warn("Skip set HDFS acls because acl table is not initialized when " + operation); + LOG.warn("Skip set HDFS acls because acl table is not initialized when {}", operation); } } return false; @@ -610,7 +610,7 @@ private Set filterUsersToRemoveNsAccessAcl(Table aclTable, TableName tab PermissionStorage.isGlobalEntry(entry) || (PermissionStorage.isNamespaceEntry(entry) && Bytes.equals(PermissionStorage.fromNamespaceEntry(entry), namespace)) - || (!Bytes.equals(tableName.getName(), entry) + || (PermissionStorage.isTableEntry(entry) && !Bytes.equals(tableName.getName(), entry) && Bytes.equals(TableName.valueOf(entry).getNamespace(), namespace)) ) { remove = false; diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestSnapshotScannerHDFSAclController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestSnapshotScannerHDFSAclController.java index e8b4fe01e7c3..d79e3f308104 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestSnapshotScannerHDFSAclController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestSnapshotScannerHDFSAclController.java @@ -654,7 +654,7 @@ public void testDeleteTable() throws Exception { // delete table admin.disableTable(table); admin.deleteTable(table); - // grantUser2 and grantUser3 should have data/ns acl + // grantUser2 should have data/ns acl TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser1, snapshot1, -1); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser2, snapshot1, 6); assertTrue(hasUserNamespaceHdfsAcl(aclTable, grantUserName2, namespace)); @@ -673,6 +673,26 @@ public void testDeleteTable() throws Exception { deleteTable(table); } + @Test + public void testDeleteTable2() throws Exception { + String namespace1 = name.getMethodName() + "1"; + String namespace2 = name.getMethodName() + "2"; + String grantUser = name.getMethodName(); + TableName table = TableName.valueOf(namespace1, name.getMethodName()); + + TestHDFSAclHelper.createTableAndPut(TEST_UTIL, table); + // grant user table permission + TestHDFSAclHelper.grantOnTable(TEST_UTIL, grantUser, table, READ); + // grant user other namespace permission + SecureTestUtil.grantOnNamespace(TEST_UTIL, grantUser, namespace2, READ); + // delete table + admin.disableTable(table); + admin.deleteTable(table); + // grantUser should have namespace2's acl + assertFalse(hasUserTableHdfsAcl(aclTable, grantUser, table)); + assertTrue(hasUserNamespaceHdfsAcl(aclTable, grantUser, namespace2)); + } + @Test public void testDeleteNamespace() throws Exception { String grantUserName = name.getMethodName();