Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-21481

[acl] Superuser's permissions should not be granted or revoked by any non-su global admin

    XMLWordPrintableJSON

Details

    • Hide
      HBASE-21481 improves the quality of access control, by strengthening the protection of super users's privileges.
      Show
      HBASE-21481 improves the quality of access control, by strengthening the protection of super users's privileges.

    Description

      Superusers are hbase.superuser listed in configuration and plus the one who start master process, these two may be overlap.

      A superuser must be a global admin, but a global admin may not be a superuser, possibly granted afterwards.

      For now, an non-su global admin with a Global.ADMIN permission can grant or revoke any superuser's permission, accidentally or deliberately.

      The purpose of this issue is to ban this action.

      Attachments

        1. HBASE-21481.master.001.patch
          20 kB
          Reid Chan
        2. HBASE-21481.master.002.patch
          21 kB
          Reid Chan
        3. HBASE-21481.master.003.patch
          21 kB
          Reid Chan
        4. HBASE-21481.master.004.patch
          21 kB
          Reid Chan
        5. HBASE-21481.master.005.patch
          21 kB
          Reid Chan
        6. HBASE-21481.master.006.patch
          21 kB
          Reid Chan
        7. HBASE-21481.master.007.patch
          21 kB
          Reid Chan
        8. HBASE-21481.master.008.patch
          22 kB
          Reid Chan
        9. HBASE-21481.master.009.patch
          22 kB
          Reid Chan
        10. HBASE-21481.master.010.patch
          21 kB
          Reid Chan
        11. HBASE-21481.master.011.patch
          21 kB
          Reid Chan
        12. HBASE-21481.master.012.patch
          21 kB
          Reid Chan
        13. HBASE-21481.master.013.patch
          21 kB
          Reid Chan
        14. HBASE-21481.master.014.patch
          28 kB
          Reid Chan
        15. HBASE-21481.master.014.patch
          28 kB
          Guanghao Zhang
        16. HBASE-21481.master.014.patch
          28 kB
          Reid Chan

        Issue Links

          links to

          Web Link Review Board

          Activity

            People

              reidchan Reid Chan
              reidchan Reid Chan
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: