apache /
kudu /
4e724988fb9dc6eeb8cd4b91f46760a03cfa5fde KUDU-2612 allow system user to read list of table replicas
It turned out that txn system client wasn't able to send BEGIN_COMMIT to
participating tablets if fine-grained authz is enabled. Its request to
get the list of tablets for a table was rejected: the system user isn't
granted the METADATA privilege on any of user tables, of course.
This patch addresses that deficiency, bypassing the fine-grained authz
for the MasterService::GetTabletLocations() RPC if the caller is a
service- or super-user. In addition, tests are added to make sure the
multi-row transaction API works as expected even in the presence of
fine-grained authorization.
Change-Id: I26f06af17e5ee85522e2ef867d41cf0f3ddbe5d5
Reviewed-on: http://gerrit.cloudera.org:8080/17529
Tested-by: Alexey Serbin <aserbin@cloudera.com>
Reviewed-by: Andrew Wong <awong@cloudera.com>
2 files changed