[
https://issues.apache.org/jira/browse/HBASE-8692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13735456#comment-13735456
]
Francis Liu commented on HBASE-8692:
------------------------------------
{quote}
Yes that is the intent, but it is a side effect of the fact the API used by the
shell retrieves descriptors.
{quote}
I see, that needs to be fixed then opened HBASE-9182
{quote}
This patch doesn't block access to the UI. We may be talking past each other.
{quote}
No sorry I got your message. Using the wrong words. What I meant to say was
instead of recommending to protect the page. Secure it instead.
{quote}
The secure deployment model I use is only admins/operations see the UIs. Is
there a JIRA open for presenting different levels of information on the UI to
users authenticating with different levels of privilege? I haven't seen it.
Should we have one?
{quote}
I think we should as the other components behave in such a manner, created
HBASE-9183.
> [AccessController] Restrict HTableDescriptor enumeration
> --------------------------------------------------------
>
> Key: HBASE-8692
> URL: https://issues.apache.org/jira/browse/HBASE-8692
> Project: HBase
> Issue Type: Improvement
> Components: Coprocessors, security
> Affects Versions: 0.98.0, 0.95.1, 0.94.9
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
> Fix For: 0.98.0, 0.95.2, 0.94.9
>
> Attachments: 8692-0.94.patch, 8692-0.94.patch, 8692-0.94.patch,
> 8692-0.94.patch, 8692.patch, 8692.patch, 8692.patch, 8692.patch
>
>
> Some users are concerned about having table schema exposed to every user and
> would like it protected, similar to the rest of the admin operations for
> schema.
> This used to be hopeless because META would leak HTableDescriptors in
> HRegionInfo, but that is no longer the case in 0.94+.
> Consider adding CP hooks in the master for intercepting
> HMasterInterface#getHTableDescriptors and
> HMasterInterface#getHTableDescriptors(List<String>). Add support in the
> AccessController for only allowing GLOBAL ADMIN to the first method. Add
> support in the AccessController for allowing access to the descriptors for
> the table names in the list of the second method only if the user has TABLE
> ADMIN privilege for all of the listed table names.
> Then, fix the code in HBaseAdmin (and elsewhere) that expects to be able to
> enumerate all table descriptors e.g. in deleteTable. A TABLE ADMIN can delete
> a table but won’t have GLOBAL ADMIN privilege to enumerate the total list. So
> a minor fixup is needed here, and in other places like this which make the
> same assumption.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
