[HBASE-19483] Add proper privilege check for rsgroup commands - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.4.1, 2.0.0-beta-1, 2.0.0
Component/s: rsgroup, security
Labels:
None

Hadoop Flags:

Incompatible change, Reviewed
Release Note:

Hide
This JIRA aims at refactoring AccessController, using ACL as core library in CPs.
1. Stripping out a public class AccessChecker from AccessController, using ACL as core library in CPs. AccessChecker don't have any dependency on anything CP related. Create it's instance from other CPS.
2. Change the default value of hbase.security.authorization to false.
3. Don't use CP hooks to check access in RSGroup. Use the access checker instance directly in functions of RSGroupAdminServiceImpl.

Show
This JIRA aims at refactoring AccessController, using ACL as core library in CPs. 1. Stripping out a public class AccessChecker from AccessController, using ACL as core library in CPs. AccessChecker don't have any dependency on anything CP related. Create it's instance from other CPS. 2. Change the default value of hbase.security.authorization to false. 3. Don't use CP hooks to check access in RSGroup. Use the access checker instance directly in functions of RSGroupAdminServiceImpl.

Description

Currently list_rsgroups command can be executed by any user.

This is inconsistent with other list commands such as list_peers and list_peer_configs.

We should add proper privilege check for list_rsgroups command.

privilege check should be added for get_table_rsgroup / get_server_rsgroup / get_rsgroup commands.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

19483.master.011.patch
29/Dec/17 03:25
157 kB
Ted Yu
19483.v11.patch
29/Dec/17 09:15
155 kB
Ted Yu
19483.v11.patch
29/Dec/17 03:33
157 kB
Ted Yu
HBASE-19483.addendum.patch
09/Jan/18 09:45
18 kB
Guangxu Cheng
HBASE-19483.addendum-1.patch
10/Jan/18 10:45
2 kB
Guangxu Cheng
HBASE-19483.branch-1.001.patch
10/Jan/18 06:15
146 kB
Guangxu Cheng
HBASE-19483.branch-1.addendum.patch
11/Jan/18 04:11
34 kB
Guangxu Cheng
HBASE-19483.branch-2.001.patch
08/Jan/18 16:16
171 kB
Guangxu Cheng
HBASE-19483.branch-2.002.patch
09/Jan/18 02:25
172 kB
Guangxu Cheng
HBASE-19483.branch-2.003.patch
09/Jan/18 09:59
171 kB
Guangxu Cheng
HBASE-19483.master.001.patch
11/Dec/17 16:56
12 kB
Guangxu Cheng
HBASE-19483.master.002.patch
12/Dec/17 07:16
15 kB
Guangxu Cheng
HBASE-19483.master.003.patch
13/Dec/17 02:28
15 kB
Guangxu Cheng
HBASE-19483.master.004.patch
19/Dec/17 06:58
115 kB
Guangxu Cheng
HBASE-19483.master.005.patch
20/Dec/17 02:16
115 kB
Guangxu Cheng
HBASE-19483.master.006.patch
22/Dec/17 17:15
108 kB
Guangxu Cheng
HBASE-19483.master.007.patch
23/Dec/17 14:17
112 kB
Guangxu Cheng
HBASE-19483.master.008.patch
24/Dec/17 13:51
131 kB
Guangxu Cheng
HBASE-19483.master.009.patch
26/Dec/17 09:18
135 kB
Guangxu Cheng
HBASE-19483.master.010.patch
28/Dec/17 14:28
128 kB
Guangxu Cheng
HBASE-19483.master.011.patch
29/Dec/17 06:47
157 kB
Guangxu Cheng
HBASE-19483.master.011.patch
29/Dec/17 03:07
157 kB
Guangxu Cheng
HBASE-19483.master.012.patch
05/Jan/18 15:26
154 kB
Guangxu Cheng
HBASE-19483.master.013.patch
08/Jan/18 11:49
142 kB
Guangxu Cheng
HBASE-19483.master.014.patch
08/Jan/18 15:42
143 kB
Guangxu Cheng

Issue Links

is related to

HBASE-19518 Moving the bulk load hooks to SecureBulkLoadEndpoint

Open

links to

Review Board (master)

Activity

People

Assignee:: Guangxu Cheng

Reporter:: Ted Yu

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 11/Dec/17 00:41

Updated:: 01/Feb/19 20:20

Resolved:: 11/Jan/18 19:01