Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-19483

Add proper privilege check for rsgroup commands

    Details

    • Hadoop Flags:
      Incompatible change, Reviewed
    • Release Note:
      Hide
      This JIRA aims at refactoring AccessController, using ACL as core library in CPs.
      1. Stripping out a public class AccessChecker from AccessController, using ACL as core library in CPs. AccessChecker don't have any dependency on anything CP related. Create it's instance from other CPS.
      2. Change the default value of hbase.security.authorization to false.
      3. Don't use CP hooks to check access in RSGroup. Use the access checker instance directly in functions of RSGroupAdminServiceImpl.
      Show
      This JIRA aims at refactoring AccessController, using ACL as core library in CPs. 1. Stripping out a public class AccessChecker from AccessController, using ACL as core library in CPs. AccessChecker don't have any dependency on anything CP related. Create it's instance from other CPS. 2. Change the default value of hbase.security.authorization to false. 3. Don't use CP hooks to check access in RSGroup. Use the access checker instance directly in functions of RSGroupAdminServiceImpl.

      Description

      Currently list_rsgroups command can be executed by any user.

      This is inconsistent with other list commands such as list_peers and list_peer_configs.

      We should add proper privilege check for list_rsgroups command.

      privilege check should be added for get_table_rsgroup / get_server_rsgroup / get_rsgroup commands.

        Attachments

        1. HBASE-19483.branch-1.addendum.patch
          34 kB
          Guangxu Cheng
        2. HBASE-19483.addendum-1.patch
          2 kB
          Guangxu Cheng
        3. HBASE-19483.branch-1.001.patch
          146 kB
          Guangxu Cheng
        4. HBASE-19483.branch-2.003.patch
          171 kB
          Guangxu Cheng
        5. HBASE-19483.addendum.patch
          18 kB
          Guangxu Cheng
        6. HBASE-19483.branch-2.002.patch
          172 kB
          Guangxu Cheng
        7. HBASE-19483.branch-2.001.patch
          171 kB
          Guangxu Cheng
        8. HBASE-19483.master.014.patch
          143 kB
          Guangxu Cheng
        9. HBASE-19483.master.013.patch
          142 kB
          Guangxu Cheng
        10. HBASE-19483.master.012.patch
          154 kB
          Guangxu Cheng
        11. 19483.v11.patch
          155 kB
          Ted Yu
        12. HBASE-19483.master.011.patch
          157 kB
          Guangxu Cheng
        13. 19483.v11.patch
          157 kB
          Ted Yu
        14. 19483.master.011.patch
          157 kB
          Ted Yu
        15. HBASE-19483.master.011.patch
          157 kB
          Guangxu Cheng
        16. HBASE-19483.master.010.patch
          128 kB
          Guangxu Cheng
        17. HBASE-19483.master.009.patch
          135 kB
          Guangxu Cheng
        18. HBASE-19483.master.008.patch
          131 kB
          Guangxu Cheng
        19. HBASE-19483.master.007.patch
          112 kB
          Guangxu Cheng
        20. HBASE-19483.master.006.patch
          108 kB
          Guangxu Cheng
        21. HBASE-19483.master.005.patch
          115 kB
          Guangxu Cheng
        22. HBASE-19483.master.004.patch
          115 kB
          Guangxu Cheng
        23. HBASE-19483.master.003.patch
          15 kB
          Guangxu Cheng
        24. HBASE-19483.master.002.patch
          15 kB
          Guangxu Cheng
        25. HBASE-19483.master.001.patch
          12 kB
          Guangxu Cheng

          Issue Links

            Activity

              People

              • Assignee:
                andrewcheng Guangxu Cheng
                Reporter:
                yuzhihong@gmail.com Ted Yu
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: