+1 for relaxing the permission. While I haven't gone through the history,
it seems that requiring ADMIN for listDecomm operation might be an
oversight.
Unless it is really big deal from compatibility viewpoint, I think we
should be fine relaxing this.
On Mon, Feb 26, 2024 at 8:55 PM Rushabh Shah
<rushabh.s...@salesforce.com.invalid> wrote:
> Hi hbase-dev,
>
> Why do we need ADMIN permissions for
> AccessController#preListDecommissionedRegionServers
> API ?
>
> From Phoenix, we are calling Admin#getRegionServers(true) where the
> argument excludeDecommissionedRS is set to true. [1]
> If excludeDecommissionedRS is set to true and if we have
> AccessController co-proc
> attached, it requires ADMIN permissions to execute
> listDecommissionedRegionServers RPC. [2]
> Snippet below
>
> @Override
> public void
> preListDecommissionedRegionServers(ObserverContext<MasterCoprocessorEnvironment>
> ctx)
> throws IOException {
> requirePermission(ctx, "listDecommissionedRegionServers",
> Action.ADMIN);
> }
>
> I understand that we need ADMIN permissions
> for preDecommissionRegionServers and preRecommissionRegionServers because
> it changes the membership of regionservers but I don’t see any need for
> ADMIN permissions for listDecommissionedRegionServers.
>
> Does anyone have objections if we relax the requirement to READ permissions
> instead of ADMIN permissions?
>
> I have created HBASE-28391
> <https://issues.apache.org/jira/browse/HBASE-28391> to implement this.
> Thank you !
>
>
> 1.
>
> https://github.com/apache/hbase/blob/branch-2.5/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java#L1721-L1730
>
> 2.
>
> https://github.com/apache/hbase/blob/branch-2.5/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java#L1205-L1207
>
