+1 for relaxing the permission. While I haven't gone through the history, it seems that requiring ADMIN for listDecomm operation might be an oversight.
Unless it is really big deal from compatibility viewpoint, I think we should be fine relaxing this. On Mon, Feb 26, 2024 at 8:55 PM Rushabh Shah <rushabh.s...@salesforce.com.invalid> wrote: > Hi hbase-dev, > > Why do we need ADMIN permissions for > AccessController#preListDecommissionedRegionServers > API ? > > From Phoenix, we are calling Admin#getRegionServers(true) where the > argument excludeDecommissionedRS is set to true. [1] > If excludeDecommissionedRS is set to true and if we have > AccessController co-proc > attached, it requires ADMIN permissions to execute > listDecommissionedRegionServers RPC. [2] > Snippet below > > @Override > public void > preListDecommissionedRegionServers(ObserverContext<MasterCoprocessorEnvironment> > ctx) > throws IOException { > requirePermission(ctx, "listDecommissionedRegionServers", > Action.ADMIN); > } > > I understand that we need ADMIN permissions > for preDecommissionRegionServers and preRecommissionRegionServers because > it changes the membership of regionservers but I don’t see any need for > ADMIN permissions for listDecommissionedRegionServers. > > Does anyone have objections if we relax the requirement to READ permissions > instead of ADMIN permissions? > > I have created HBASE-28391 > <https://issues.apache.org/jira/browse/HBASE-28391> to implement this. > Thank you ! > > > 1. > > https://github.com/apache/hbase/blob/branch-2.5/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java#L1721-L1730 > > 2. > > https://github.com/apache/hbase/blob/branch-2.5/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java#L1205-L1207 >