1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package org.apache.hadoop.hbase.security.access;
19
20 import static org.apache.hadoop.hbase.AuthUtil.toGroupEntry;
21 import static org.junit.Assert.assertEquals;
22 import static org.junit.Assert.assertTrue;
23
24 import java.util.List;
25 import java.util.Arrays;
26 import java.util.Map;
27
28 import org.apache.commons.logging.Log;
29 import org.apache.commons.logging.LogFactory;
30 import org.apache.hadoop.conf.Configuration;
31 import org.apache.hadoop.hbase.HBaseTestingUtility;
32 import org.apache.hadoop.hbase.HColumnDescriptor;
33 import org.apache.hadoop.hbase.HConstants;
34 import org.apache.hadoop.hbase.HTableDescriptor;
35 import org.apache.hadoop.hbase.NamespaceDescriptor;
36 import org.apache.hadoop.hbase.testclassification.MediumTests;
37 import org.apache.hadoop.hbase.TableName;
38 import org.apache.hadoop.hbase.client.Admin;
39 import org.apache.hadoop.hbase.client.Connection;
40 import org.apache.hadoop.hbase.client.ConnectionFactory;
41 import org.apache.hadoop.hbase.client.Get;
42 import org.apache.hadoop.hbase.client.Result;
43 import org.apache.hadoop.hbase.client.Table;
44 import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
45 import org.apache.hadoop.hbase.coprocessor.ObserverContext;
46 import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
47 import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
48 import org.apache.hadoop.hbase.security.User;
49 import org.apache.hadoop.hbase.security.access.Permission.Action;
50 import org.apache.hadoop.hbase.util.Bytes;
51 import org.junit.AfterClass;
52 import org.junit.BeforeClass;
53 import org.junit.Ignore;
54 import org.junit.Test;
55 import org.junit.experimental.categories.Category;
56
57 import com.google.common.collect.ListMultimap;
58 import com.google.protobuf.BlockingRpcChannel;
59
60 @Category(MediumTests.class)
61 public class TestNamespaceCommands extends SecureTestUtil {
62 private static HBaseTestingUtility UTIL = new HBaseTestingUtility();
63 private static final Log LOG = LogFactory.getLog(TestNamespaceCommands.class);
64 private static String TEST_NAMESPACE = "ns1";
65 private static String TEST_NAMESPACE2 = "ns2";
66 private static Configuration conf;
67 private static MasterCoprocessorEnvironment CP_ENV;
68 private static AccessController ACCESS_CONTROLLER;
69
70
71 private static User SUPERUSER;
72
73
74 private static User USER_GLOBAL_ADMIN;
75
76 private static User USER_GLOBAL_CREATE;
77
78 private static User USER_GLOBAL_WRITE;
79
80 private static User USER_GLOBAL_READ;
81
82 private static User USER_GLOBAL_EXEC;
83
84
85 private static User USER_NS_ADMIN;
86
87 private static User USER_NS_CREATE;
88
89 private static User USER_NS_WRITE;
90
91 private static User USER_NS_READ;
92
93 private static User USER_NS_EXEC;
94
95
96 private static User USER_TABLE_WRITE;
97
98 private static User USER_TABLE_CREATE;
99
100 private static final String GROUP_ADMIN = "group_admin";
101 private static final String GROUP_NS_ADMIN = "group_ns_admin";
102 private static final String GROUP_CREATE = "group_create";
103 private static final String GROUP_READ = "group_read";
104 private static final String GROUP_WRITE = "group_write";
105
106 private static User USER_GROUP_ADMIN;
107 private static User USER_GROUP_NS_ADMIN;
108 private static User USER_GROUP_CREATE;
109 private static User USER_GROUP_READ;
110 private static User USER_GROUP_WRITE;
111
112 private static String TEST_TABLE = TEST_NAMESPACE + ":testtable";
113 private static byte[] TEST_FAMILY = Bytes.toBytes("f1");
114
115 @BeforeClass
116 public static void beforeClass() throws Exception {
117 conf = UTIL.getConfiguration();
118 conf.setInt(HConstants.REGION_SERVER_HIGH_PRIORITY_HANDLER_COUNT, 10);
119 enableSecurity(conf);
120
121 SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" });
122
123 USER_GLOBAL_ADMIN = User.createUserForTesting(conf, "global_admin", new String[0]);
124 USER_GLOBAL_CREATE = User.createUserForTesting(conf, "global_create", new String[0]);
125 USER_GLOBAL_WRITE = User.createUserForTesting(conf, "global_write", new String[0]);
126 USER_GLOBAL_READ = User.createUserForTesting(conf, "global_read", new String[0]);
127 USER_GLOBAL_EXEC = User.createUserForTesting(conf, "global_exec", new String[0]);
128
129 USER_NS_ADMIN = User.createUserForTesting(conf, "namespace_admin", new String[0]);
130 USER_NS_CREATE = User.createUserForTesting(conf, "namespace_create", new String[0]);
131 USER_NS_WRITE = User.createUserForTesting(conf, "namespace_write", new String[0]);
132 USER_NS_READ = User.createUserForTesting(conf, "namespace_read", new String[0]);
133 USER_NS_EXEC = User.createUserForTesting(conf, "namespace_exec", new String[0]);
134
135 USER_TABLE_CREATE = User.createUserForTesting(conf, "table_create", new String[0]);
136 USER_TABLE_WRITE = User.createUserForTesting(conf, "table_write", new String[0]);
137
138 USER_GROUP_ADMIN =
139 User.createUserForTesting(conf, "user_group_admin", new String[] { GROUP_ADMIN });
140 USER_GROUP_NS_ADMIN =
141 User.createUserForTesting(conf, "user_group_ns_admin", new String[] { GROUP_NS_ADMIN });
142 USER_GROUP_CREATE =
143 User.createUserForTesting(conf, "user_group_create", new String[] { GROUP_CREATE });
144 USER_GROUP_READ =
145 User.createUserForTesting(conf, "user_group_read", new String[] { GROUP_READ });
146 USER_GROUP_WRITE =
147 User.createUserForTesting(conf, "user_group_write", new String[] { GROUP_WRITE });
148
149
150 UTIL.startMiniCluster();
151
152 UTIL.waitTableAvailable(AccessControlLists.ACL_TABLE_NAME.getName(), 30 * 1000);
153
154 ACCESS_CONTROLLER = (AccessController) UTIL.getMiniHBaseCluster().getMaster()
155 .getMasterCoprocessorHost()
156 .findCoprocessor(AccessController.class.getName());
157
158 UTIL.getHBaseAdmin().createNamespace(NamespaceDescriptor.create(TEST_NAMESPACE).build());
159 UTIL.getHBaseAdmin().createNamespace(NamespaceDescriptor.create(TEST_NAMESPACE2).build());
160
161
162 grantGlobal(UTIL, USER_GLOBAL_ADMIN.getShortName(), Permission.Action.ADMIN);
163 grantGlobal(UTIL, USER_GLOBAL_CREATE.getShortName(), Permission.Action.CREATE);
164 grantGlobal(UTIL, USER_GLOBAL_WRITE.getShortName(), Permission.Action.WRITE);
165 grantGlobal(UTIL, USER_GLOBAL_READ.getShortName(), Permission.Action.READ);
166 grantGlobal(UTIL, USER_GLOBAL_EXEC.getShortName(), Permission.Action.EXEC);
167
168
169 grantOnNamespace(UTIL, USER_NS_ADMIN.getShortName(), TEST_NAMESPACE, Permission.Action.ADMIN);
170 grantOnNamespace(UTIL, USER_NS_CREATE.getShortName(), TEST_NAMESPACE, Permission.Action.CREATE);
171 grantOnNamespace(UTIL, USER_NS_WRITE.getShortName(), TEST_NAMESPACE, Permission.Action.WRITE);
172 grantOnNamespace(UTIL, USER_NS_READ.getShortName(), TEST_NAMESPACE, Permission.Action.READ);
173 grantOnNamespace(UTIL, USER_NS_EXEC.getShortName(), TEST_NAMESPACE, Permission.Action.EXEC);
174 grantOnNamespace(UTIL, toGroupEntry(GROUP_NS_ADMIN), TEST_NAMESPACE, Permission.Action.ADMIN);
175
176 grantOnNamespace(UTIL, USER_NS_ADMIN.getShortName(), TEST_NAMESPACE2, Permission.Action.ADMIN);
177
178 grantGlobal(UTIL, toGroupEntry(GROUP_ADMIN), Permission.Action.ADMIN);
179 grantGlobal(UTIL, toGroupEntry(GROUP_CREATE), Permission.Action.CREATE);
180 grantGlobal(UTIL, toGroupEntry(GROUP_READ), Permission.Action.READ);
181 grantGlobal(UTIL, toGroupEntry(GROUP_WRITE), Permission.Action.WRITE);
182 }
183
184 @AfterClass
185 public static void afterClass() throws Exception {
186 UTIL.getHBaseAdmin().deleteNamespace(TEST_NAMESPACE);
187 UTIL.getHBaseAdmin().deleteNamespace(TEST_NAMESPACE2);
188 UTIL.shutdownMiniCluster();
189 }
190
191 @Ignore @Test
192 public void testAclTableEntries() throws Exception {
193 String userTestNamespace = "userTestNsp";
194 try(Connection conn = ConnectionFactory.createConnection(conf);
195 Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
196 ListMultimap<String, TablePermission> perms =
197 AccessControlLists.getNamespacePermissions(conf, TEST_NAMESPACE);
198
199 perms = AccessControlLists.getNamespacePermissions(conf, TEST_NAMESPACE);
200 for (Map.Entry<String, TablePermission> entry : perms.entries()) {
201 LOG.debug(entry);
202 }
203 assertEquals(6, perms.size());
204
205
206 grantOnNamespace(UTIL, userTestNamespace, TEST_NAMESPACE,
207 Permission.Action.WRITE);
208
209 Result result = acl.get(new Get(Bytes.toBytes(userTestNamespace)));
210 assertTrue(result != null);
211 perms = AccessControlLists.getNamespacePermissions(conf, TEST_NAMESPACE);
212 assertEquals(7, perms.size());
213 List<TablePermission> namespacePerms = perms.get(userTestNamespace);
214 assertTrue(perms.containsKey(userTestNamespace));
215 assertEquals(1, namespacePerms.size());
216 assertEquals(TEST_NAMESPACE,
217 namespacePerms.get(0).getNamespace());
218 assertEquals(null, namespacePerms.get(0).getFamily());
219 assertEquals(null, namespacePerms.get(0).getQualifier());
220 assertEquals(1, namespacePerms.get(0).getActions().length);
221 assertEquals(Permission.Action.WRITE, namespacePerms.get(0).getActions()[0]);
222
223
224 revokeFromNamespace(UTIL, userTestNamespace, TEST_NAMESPACE,
225 Permission.Action.WRITE);
226
227 perms = AccessControlLists.getNamespacePermissions(conf, TEST_NAMESPACE);
228 assertEquals(6, perms.size());
229 }
230 }
231
232 @Ignore @Test
233 public void testModifyNamespace() throws Exception {
234 AccessTestAction modifyNamespace = new AccessTestAction() {
235 @Override
236 public Object run() throws Exception {
237 ACCESS_CONTROLLER.preModifyNamespace(ObserverContext.createAndPrepare(CP_ENV, null),
238 NamespaceDescriptor.create(TEST_NAMESPACE).addConfiguration("abc", "156").build());
239 return null;
240 }
241 };
242
243
244 verifyAllowed(modifyNamespace, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);
245 verifyDenied(modifyNamespace, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,
246 USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,
247 USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
248 }
249
250 @Ignore @Test
251 public void testCreateAndDeleteNamespace() throws Exception {
252 AccessTestAction createNamespace = new AccessTestAction() {
253 @Override
254 public Object run() throws Exception {
255 ACCESS_CONTROLLER.preCreateNamespace(ObserverContext.createAndPrepare(CP_ENV, null),
256 NamespaceDescriptor.create(TEST_NAMESPACE2).build());
257 return null;
258 }
259 };
260
261 AccessTestAction deleteNamespace = new AccessTestAction() {
262 @Override
263 public Object run() throws Exception {
264 ACCESS_CONTROLLER.preDeleteNamespace(ObserverContext.createAndPrepare(CP_ENV, null),
265 TEST_NAMESPACE2);
266 return null;
267 }
268 };
269
270
271 verifyAllowed(createNamespace, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);
272
273 verifyDenied(createNamespace, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,
274 USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,
275 USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
276
277
278 verifyAllowed(deleteNamespace, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);
279 verifyDenied(deleteNamespace, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,
280 USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,
281 USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
282 }
283
284 @Ignore @Test
285 public void testGetNamespaceDescriptor() throws Exception {
286 AccessTestAction getNamespaceAction = new AccessTestAction() {
287 @Override
288 public Object run() throws Exception {
289 ACCESS_CONTROLLER.preGetNamespaceDescriptor(ObserverContext.createAndPrepare(CP_ENV, null),
290 TEST_NAMESPACE);
291 return null;
292 }
293 };
294
295 verifyAllowed(getNamespaceAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN,
296 USER_GROUP_ADMIN);
297 verifyDenied(getNamespaceAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,
298 USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,
299 USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
300 }
301
302 @Ignore @Test
303 public void testListNamespaces() throws Exception {
304 AccessTestAction listAction = new AccessTestAction() {
305 @Override
306 public Object run() throws Exception {
307 Connection unmanagedConnection =
308 ConnectionFactory.createConnection(UTIL.getConfiguration());
309 Admin admin = unmanagedConnection.getAdmin();
310 try {
311 return Arrays.asList(admin.listNamespaceDescriptors());
312 } finally {
313 admin.close();
314 unmanagedConnection.close();
315 }
316 }
317 };
318
319
320
321
322 verifyAllowed(listAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN, USER_GROUP_ADMIN);
323
324
325 assertEquals(4, ((List)SUPERUSER.runAs(listAction)).size());
326 assertEquals(4, ((List)USER_GLOBAL_ADMIN.runAs(listAction)).size());
327 assertEquals(4, ((List)USER_GROUP_ADMIN.runAs(listAction)).size());
328
329 assertEquals(2, ((List)USER_NS_ADMIN.runAs(listAction)).size());
330
331 assertEquals(0, ((List)USER_GLOBAL_CREATE.runAs(listAction)).size());
332 assertEquals(0, ((List)USER_GLOBAL_WRITE.runAs(listAction)).size());
333 assertEquals(0, ((List)USER_GLOBAL_READ.runAs(listAction)).size());
334 assertEquals(0, ((List)USER_GLOBAL_EXEC.runAs(listAction)).size());
335 assertEquals(0, ((List)USER_NS_CREATE.runAs(listAction)).size());
336 assertEquals(0, ((List)USER_NS_WRITE.runAs(listAction)).size());
337 assertEquals(0, ((List)USER_NS_READ.runAs(listAction)).size());
338 assertEquals(0, ((List)USER_NS_EXEC.runAs(listAction)).size());
339 assertEquals(0, ((List)USER_TABLE_CREATE.runAs(listAction)).size());
340 assertEquals(0, ((List)USER_TABLE_WRITE.runAs(listAction)).size());
341 assertEquals(0, ((List)USER_GROUP_CREATE.runAs(listAction)).size());
342 assertEquals(0, ((List)USER_GROUP_READ.runAs(listAction)).size());
343 assertEquals(0, ((List)USER_GROUP_WRITE.runAs(listAction)).size());
344 }
345
346 @Ignore @Test
347 public void testGrantRevoke() throws Exception{
348 final String testUser = "testUser";
349
350
351
352 AccessTestAction grantAction = new AccessTestAction() {
353 @Override
354 public Object run() throws Exception {
355 try(Connection conn = ConnectionFactory.createConnection(conf);
356 Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
357 BlockingRpcChannel service =
358 acl.coprocessorService(HConstants.EMPTY_START_ROW);
359 AccessControlService.BlockingInterface protocol =
360 AccessControlService.newBlockingStub(service);
361 ProtobufUtil.grant(null, protocol, testUser, TEST_NAMESPACE, Action.WRITE);
362 }
363 return null;
364 }
365 };
366
367 AccessTestAction grantNamespaceAction = new AccessTestAction() {
368 @Override
369 public Object run() throws Exception {
370 try(Connection conn = ConnectionFactory.createConnection(conf);
371 Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
372 BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);
373 AccessControlService.BlockingInterface protocol =
374 AccessControlService.newBlockingStub(service);
375 ProtobufUtil.grant(null, protocol, USER_GROUP_NS_ADMIN.getShortName(),
376 TEST_NAMESPACE, Action.READ);
377 }
378 return null;
379 }
380 };
381
382 AccessTestAction revokeAction = new AccessTestAction() {
383 @Override
384 public Object run() throws Exception {
385 try(Connection conn = ConnectionFactory.createConnection(conf);
386 Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
387 BlockingRpcChannel service =
388 acl.coprocessorService(HConstants.EMPTY_START_ROW);
389 AccessControlService.BlockingInterface protocol =
390 AccessControlService.newBlockingStub(service);
391 ProtobufUtil.revoke(null, protocol, testUser, TEST_NAMESPACE, Action.WRITE);
392 }
393 return null;
394 }
395 };
396
397 AccessTestAction revokeNamespaceAction = new AccessTestAction() {
398 @Override
399 public Object run() throws Exception {
400 Connection connection = ConnectionFactory.createConnection(conf);
401 Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME);
402 try {
403 BlockingRpcChannel service =
404 acl.coprocessorService(HConstants.EMPTY_START_ROW);
405 AccessControlService.BlockingInterface protocol =
406 AccessControlService.newBlockingStub(service);
407 ProtobufUtil.revoke(null, protocol, USER_GROUP_NS_ADMIN.getShortName(),
408 TEST_NAMESPACE, Action.READ);
409 } finally {
410 acl.close();
411 connection.close();
412 }
413 return null;
414 }
415 };
416
417 AccessTestAction getPermissionsAction = new AccessTestAction() {
418 @Override
419 public Object run() throws Exception {
420 try(Connection conn = ConnectionFactory.createConnection(conf);
421 Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
422 BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);
423 AccessControlService.BlockingInterface protocol =
424 AccessControlService.newBlockingStub(service);
425 ProtobufUtil.getUserPermissions(null, protocol, Bytes.toBytes(TEST_NAMESPACE));
426 }
427 return null;
428 }
429 };
430
431 verifyAllowed(grantAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
432 verifyDenied(grantAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,
433 USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,
434 USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
435
436 verifyAllowed(grantNamespaceAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN,
437 USER_NS_ADMIN, USER_GROUP_NS_ADMIN);
438 verifyDenied(grantNamespaceAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,
439 USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,
440 USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
441
442 verifyAllowed(revokeAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
443 verifyDenied(revokeAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,
444 USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,
445 USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
446
447 verifyAllowed(revokeNamespaceAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN,
448 USER_NS_ADMIN, USER_GROUP_NS_ADMIN);
449 verifyDenied(revokeNamespaceAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,
450 USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,
451 USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
452
453 verifyAllowed(getPermissionsAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN,
454 USER_GROUP_ADMIN);
455 verifyDenied(getPermissionsAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,
456 USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,
457 USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
458 }
459
460 @Ignore @Test
461 public void testCreateTableWithNamespace() throws Exception {
462 AccessTestAction createTable = new AccessTestAction() {
463 @Override
464 public Object run() throws Exception {
465 HTableDescriptor htd = new HTableDescriptor(TableName.valueOf(TEST_TABLE));
466 htd.addFamily(new HColumnDescriptor(TEST_FAMILY));
467 ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(CP_ENV, null), htd, null);
468 return null;
469 }
470 };
471
472
473 verifyAllowed(createTable, SUPERUSER, USER_GLOBAL_CREATE, USER_NS_CREATE, USER_GROUP_CREATE);
474 verifyDenied(createTable, USER_GLOBAL_ADMIN, USER_GLOBAL_WRITE, USER_GLOBAL_READ,
475 USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,
476 USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_ADMIN);
477 }
478 }