[ https://issues.apache.org/jira/browse/HBASE-28391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rushabh Shah resolved HBASE-28391.
----------------------------------
    Fix Version/s: 2.6.0
                   2.4.18
                   4.0.0-alpha-1
                   2.7.0
                   2.5.8
                   3.0.0-beta-2
       Resolution: Fixed

> Remove the need for ADMIN permissions for listDecommissionedRegionServers
> -------------------------------------------------------------------------
>
>                 Key: HBASE-28391
>                 URL: https://issues.apache.org/jira/browse/HBASE-28391
>             Project: HBase
>          Issue Type: Bug
>          Components: Admin
>    Affects Versions: 2.4.17, 2.5.7
>            Reporter: Rushabh Shah
>            Assignee: Rushabh Shah
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.6.0, 2.4.18, 4.0.0-alpha-1, 2.7.0, 2.5.8, 3.0.0-beta-2
>
>
> Why do we need {{ADMIN}} permissions for
> {{AccessController#preListDecommissionedRegionServers}}?
> From Phoenix, we are calling {{Admin#getRegionServers(true)}} where the
> argument {{excludeDecommissionedRS}} is set to true. Refer
> [here|https://github.com/apache/hbase/blob/branch-2.5/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java#L1721-L1730].
> If {{excludeDecommissionedRS}} is set to true and if we have the
> {{AccessController}} co-proc attached, it requires ADMIN permissions to
> execute the {{listDecommissionedRegionServers}} RPC. Refer
> [here|https://github.com/apache/hbase/blob/branch-2.5/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java#L1205-L1207].
>
> {code:java}
>   @Override
>   public void preListDecommissionedRegionServers(
>       ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException {
>     requirePermission(ctx, "listDecommissionedRegionServers", Action.ADMIN);
>   }
> {code}
> I understand that we need ADMIN permissions for
> _preDecommissionRegionServers_ and _preRecommissionRegionServer_ because they
> change the membership of regionservers, but I don’t see any need for ADMIN
> permissions for _listDecommissionedRegionServers_. Do you think we can
> remove the need for ADMIN permissions for the _listDecommissionedRegionServers_ RPC?

-- This message was sent by Atlassian Jira (v8.20.10#820010)
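
Added example, not part of the Jira message and not HBase code: a self-contained Java model of the call path the issue describes, where the `excludeDecommissionedRS` filter pulls in a second, ADMIN-gated call. `Master`, `AccessDenied`, the sample server names and the READ-gated variant are illustrative assumptions, not HBase types or the project's fix.

```java
import java.util.*;

// Simplified model of the call path in HBASE-28391; illustrative stand-ins, not HBase classes.
public class DecommissionedListAccessDemo {
    enum Action { READ, ADMIN }

    static class AccessDenied extends RuntimeException { AccessDenied(String m) { super(m); } }

    // Stand-in for the master with an AccessController-style pre-hook on the list call.
    static class Master {
        final List<String> live = List.of("rs1", "rs2", "rs3");   // constructed sample data
        final List<String> decommissioned = List.of("rs3");       // constructed sample data
        final Action requiredForList;                             // what the pre-hook demands

        Master(Action requiredForList) { this.requiredForList = requiredForList; }

        // No permission check is modelled for the plain server listing.
        List<String> getRegionServers(Set<Action> caller) { return live; }

        List<String> listDecommissionedRegionServers(Set<Action> caller) {
            if (!caller.contains(requiredForList)) {
                throw new AccessDenied("listDecommissionedRegionServers requires " + requiredForList);
            }
            return decommissioned;
        }
    }

    // Same shape as Admin#getRegionServers(boolean): filtering needs the second call.
    static List<String> getRegionServers(Master m, Set<Action> caller, boolean excludeDecommissionedRS) {
        List<String> all = new ArrayList<>(m.getRegionServers(caller));
        if (excludeDecommissionedRS) {
            all.removeAll(m.listDecommissionedRegionServers(caller));
        }
        return all;
    }

    public static void main(String[] args) {
        Set<Action> readOnly = EnumSet.of(Action.READ);  // a client without ADMIN, e.g. a query layer
        Master adminGated = new Master(Action.ADMIN);    // hook as quoted in the issue
        System.out.println("unfiltered: " + getRegionServers(adminGated, readOnly, false));
        try {
            getRegionServers(adminGated, readOnly, true);
        } catch (AccessDenied e) {
            System.out.println("filtered, ADMIN-gated: denied (" + e.getMessage() + ")");
        }
        // Hypothetical READ-gated hook in this model only, to show the same call succeeding.
        System.out.println("filtered, READ-gated: " + getRegionServers(new Master(Action.READ), readOnly, true));
    }
}
```

The model makes the least-privilege cost visible: a caller that only needs a read-only view of cluster membership must otherwise be granted ADMIN, which also covers the membership-changing operations the reporter mentions.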