[HBASE-13275] Setting hbase.security.authorization to false does not disable authorization - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.0.1, 1.1.0, 0.98.12, 2.0.0
Component/s: security
Labels:
None

Hadoop Flags:

Reviewed
Release Note:

Hide
Prior to this change the configuration setting 'hbase.security.authorization' had no effect if security coprocessor were installed. The act of installing the security coprocessors was assumed to indicate active authorizaton was desired and required. Now it is possible to install the security coprocessors yet have them operate in a passive state with active authorization disabled by setting 'hbase.security.authorization' to false. This can be useful but is probably not what you want. For more information, consult the Security section of the HBase online manual.

'hbase.security.authorization' defaults to true for backwards comptatible behavior.

Show
Prior to this change the configuration setting 'hbase.security.authorization' had no effect if security coprocessor were installed. The act of installing the security coprocessors was assumed to indicate active authorizaton was desired and required. Now it is possible to install the security coprocessors yet have them operate in a passive state with active authorization disabled by setting 'hbase.security.authorization' to false. This can be useful but is probably not what you want. For more information, consult the Security section of the HBase online manual. 'hbase.security.authorization' defaults to true for backwards comptatible behavior.

Description

According to the docs provided by Cloudera (we're not running Cloudera, BTW), this is the list of configs to enable authorization in HBase:

<property>
     <name>hbase.security.authorization</name>
     <value>true</value>
</property>
<property>
     <name>hbase.coprocessor.master.classes</name>
     <value>org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<property>
     <name>hbase.coprocessor.region.classes</name>
     <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value>
</property>

We wanted to then disable authorization but simply setting hbase.security.authorization to false did not disable the authorization

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-13275-branch-1.patch
06/Apr/15 04:25
113 kB
Andrew Kyle Purtell
HBASE-13275-branch-1.patch
06/Apr/15 05:28
113 kB
Andrew Kyle Purtell
HBASE-13275-0.98.patch
06/Apr/15 05:28
113 kB
Andrew Kyle Purtell
HBASE-13275-0.98.patch
06/Apr/15 17:45
113 kB
Andrew Kyle Purtell
HBASE-13275.patch
21/Mar/15 02:10
57 kB
Andrew Kyle Purtell
HBASE-13275.patch
26/Mar/15 01:18
46 kB
Andrew Kyle Purtell
HBASE-13275.patch
06/Apr/15 03:48
115 kB
Andrew Kyle Purtell
HBASE-13275.patch
06/Apr/15 05:28
115 kB
Andrew Kyle Purtell

Sub-Tasks

Document the implications of installing security coprocessors with hbase.security.authorization as false

Closed

Unassigned

Activity

People

Assignee:: Andrew Kyle Purtell

Reporter:: William Watson

Votes:: 0 Vote for this issue

Watchers:: 15 Start watching this issue

Dates

Created:: 18/Mar/15 19:36

Updated:: 22/Dec/15 06:34

Resolved:: 10/Apr/15 05:09