[ https://issues.apache.org/jira/browse/HBASE-8692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13735456#comment-13735456 ]
Francis Liu commented on HBASE-8692:
------------------------------------

{quote}
Yes that is the intent, but it is a side effect of the fact the API used by the shell retrieves descriptors.
{quote}
I see, that needs to be fixed then opened HBASE-9182

{quote}
This patch doesn't block access to the UI. We may be talking past each other.
{quote}
No sorry I got your message. Using the wrong words. What I meant to say was instead of recommending to protect the page. Secure it instead.

{quote}
The secure deployment model I use is only admins/operations see the UIs. Is there a JIRA open for presenting different levels of information on the UI to users authenticating with different levels of privilege? I haven't seen it. Should we have one?
{quote}
I think we should as the other components behave in such a manner, created HBASE-9183.

> [AccessController] Restrict HTableDescriptor enumeration
> --------------------------------------------------------
>
>                 Key: HBASE-8692
>                 URL: https://issues.apache.org/jira/browse/HBASE-8692
>             Project: HBase
>          Issue Type: Improvement
>          Components: Coprocessors, security
>    Affects Versions: 0.98.0, 0.95.1, 0.94.9
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>             Fix For: 0.98.0, 0.95.2, 0.94.9
>
>         Attachments: 8692-0.94.patch, 8692-0.94.patch, 8692-0.94.patch,
> 8692-0.94.patch, 8692.patch, 8692.patch, 8692.patch, 8692.patch
>
>
> Some users are concerned about having table schema exposed to every user and
> would like it protected, similar to the rest of the admin operations for
> schema.
> This used to be hopeless because META would leak HTableDescriptors in
> HRegionInfo, but that is no longer the case in 0.94+.
> Consider adding CP hooks in the master for intercepting
> HMasterInterface#getHTableDescriptors and
> HMasterInterface#getHTableDescriptors(List<String>). Add support in the
> AccessController for only allowing GLOBAL ADMIN to the first method. Add
> support in the AccessController for allowing access to the descriptors for
> the table names in the list of the second method only if the user has TABLE
> ADMIN privilege for all of the listed table names.
> Then, fix the code in HBaseAdmin (and elsewhere) that expects to be able to
> enumerate all table descriptors e.g. in deleteTable. A TABLE ADMIN can delete
> a table but won’t have GLOBAL ADMIN privilege to enumerate the total list. So
> a minor fixup is needed here, and in other places like this which make the
> same assumption.
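
The access rule proposed in the issue description, sketched as a stand-alone Java model (an added example, not code from HBase or from the attached patches). The class, method, user and table names are hypothetical, and it assumes a GLOBAL ADMIN also satisfies the per-table check.

```java
import java.util.*;

// Stand-alone model of the proposed descriptor access rule; not HBase code.
// All names below are hypothetical and the grants are constructed sample data.
public class DescriptorAccessModel {
    private final Set<String> globalAdmins = new HashSet<>();
    // user -> tables on which that user holds TABLE ADMIN
    private final Map<String, Set<String>> tableAdmins = new HashMap<>();

    void grantGlobalAdmin(String user) { globalAdmins.add(user); }

    void grantTableAdmin(String user, String table) {
        tableAdmins.computeIfAbsent(user, u -> new HashSet<>()).add(table);
    }

    // Models a pre-hook in front of both getHTableDescriptors variants.
    // A null or empty list stands for "enumerate every descriptor".
    void checkGetTableDescriptors(String user, List<String> tableNames) {
        if (globalAdmins.contains(user)) {
            return; // assumption: GLOBAL ADMIN covers every table
        }
        if (tableNames == null || tableNames.isEmpty()) {
            throw new SecurityException(user + ": GLOBAL ADMIN required to enumerate all descriptors");
        }
        Set<String> owned = tableAdmins.getOrDefault(user, Collections.emptySet());
        for (String table : tableNames) {
            // All-or-nothing: every listed name must pass, as the description requires.
            if (!owned.contains(table)) {
                throw new SecurityException(user + ": TABLE ADMIN required on " + table);
            }
        }
    }

    boolean allowed(String user, List<String> tableNames) {
        try {
            checkGetTableDescriptors(user, tableNames);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        DescriptorAccessModel m = new DescriptorAccessModel();
        m.grantGlobalAdmin("ops");
        m.grantTableAdmin("carol", "orders");
        System.out.println(m.allowed("ops", null));                                 // true
        System.out.println(m.allowed("carol", null));                               // false
        System.out.println(m.allowed("carol", Arrays.asList("orders")));            // true
        System.out.println(m.allowed("carol", Arrays.asList("orders", "billing"))); // false
    }
}
```

The third call is the shape the deleteTable fixup needs: a TABLE ADMIN asks for one descriptor by name instead of enumerating the full list.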