Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Mailing thread ref: http://mail-archives.apache.org/mod_mbox/hbase-dev/201803.mbox/%3CCAAjhxrriGy_UXpC4iHCSyBB18iAbjU3Y2%2BnjQ-66i9kPPCrPRQ%40mail.gmail.com%3E
TLDR; HBASE-19400 messed up perms required for flushing a table.
Looks like flush and snapshot procedures are already doing permissions check as part of preTableFlush/preSnapshot hooks. However, LogRollMasterProcedureManager is missing access checks (elserj, can someone look at it?)
With that, it makes no sense to put an ADMIN perm requirement which was added by me in HBASE-19400. Removing it.
However, to make things better for future, i have made few design changes which will ensure 1) perm checks don't slip by mistake, 2) a suitable placeholder for checks for flush & snapshot when we remove AccessController for good.
Attachments
Attachments
Issue Links
- is related to
-
HBASE-19400 Add missing security checks in MasterRpcServices
- Resolved
-
HBASE-20199 Add test to prevent further permission regression around table flush and snapshot
- Resolved