Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-14475

Region split requests are always audited with "hbase" user rather than request user



    • Reviewed
    • Region observer notifications w.r.t. split request are now audited with request user through proper scope of doAs() calls.


      madhan.neethiraj from Ranger reported that when a region split request is initiated from the user, we always audit (and do the permission check) against the hbase user, not the request user.

      The issue is that a split request that is coming from the user is only processed at a later time from the CompactSplitThread asynchronously to the splitRegion RPC.
      RSRpcServices.splitRegion() only does a flush from the handler thread and then calls regionServer.compactSplitThread.requestSplit() which puts a SplitRequest to the split queue. The split request is handled by the split executor from CompactSplitThread.
      Since the split is actually executed from the compact split thread, the preSplit() for the AccessController is called from the executor thread. In this thread, we no longer have the user who initially requested the split, so the user in the context (UGI) is "hbase", causing the AC.preSplit() access control check to be always be performed against the hbase user, not the user who have submitted the request. The audit log also contains "hbase" user rather than the actual user.

      Luckily, the split forces a flush to the region in-line (from the handler thread), which requires a CREATE|ADMIN permission. split requires ADMIN, but due to this bug CREATE is also sufficient (although we have not verified it manually). CREATE permission can do flush and compactions, so this is not a security issue (I think).


        1. 14475-v2.txt
          18 kB
          Ted Yu
        2. 14475-branch-1-v2.txt
          18 kB
          Ted Yu
        3. 14475-v3.txt
          18 kB
          Ted Yu
        4. 14475-v3.txt
          18 kB
          Ted Yu
        5. 14475-branch-1-v3.txt
          18 kB
          Ted Yu
        6. 14475-0.98.txt
          17 kB
          Ted Yu
        7. HBASE-14475-branch-1.0.patch
          22 kB
          Andrew Kyle Purtell



            yuzhihong@gmail.com Ted Yu
            enis Enis Soztutar
            0 Vote for this issue
            11 Start watching this issue