Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
None
-
None
-
None
Description
The authorize(), permissionGranted(), and requirePermission() methods in AccessController have organically grown as both the HBase client API and the AccessController itself have evolved, and now have several problems:
- Code duplication (minor)
- Unused variants (minor)
- Signatures optimized for checking certain operations that have a familyMap. Unfortunately different operations have different ideas of what type a familyMap should be. This leads to runtime type checking and the need to convert one family map to another (e.g. Map<byte[], NavigableMap<byte[],Object>> to Map<byte[], Set<byte[]>> (That kind of conversion code in a hot path hurts to look at.) There are too many Java collection type combinations floating around. Some of this should be approached at the client API level too, for example with
HBASE-7114.
- Only one Permission.Action can be checked at a time. We should really convert these into a bitmap if multiple actions need checking and pass that around instead.
Attachments
Issue Links
- incorporates
-
HBASE-11095 Add ip restriction in user permissions
-
- Closed
-
- is related to
-
HBASE-7114 Increment does not extend Mutation but probably should
-
- Closed
-
-
-
- Closed
-