[ https://issues.apache.org/jira/browse/HBASE-6104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13857648#comment-13857648 ]
Andrew Purtell commented on HBASE-6104:
---------------------------------------

If TestAccessController is green after HBASE-10239 for a few trunk builds, my plan is to try committing this change again, but only to trunk.

> Require EXEC permission to call coprocessor endpoints
> -----------------------------------------------------
>
> Key: HBASE-6104
> URL: https://issues.apache.org/jira/browse/HBASE-6104
> Project: HBase
> Issue Type: New Feature
> Components: Coprocessors, security
> Reporter: Gary Helmling
> Assignee: Andrew Purtell
> Fix For: 0.99.0
>
> Attachments: 6104-addendum-1.patch, 6104-revert.patch, 6104.patch, 6104.patch, 6104.patch, 6104.patch, 6104.patch, 6104.patch
>
>
> The EXEC action currently exists as only a placeholder in access control. It should really be used to enforce access to coprocessor endpoint RPC calls, which are currently unrestricted.
> How the ACLs to support this would be modeled deserves some discussion:
> * Should access be scoped to a specific table and CoprocessorProtocol extension?
> * Should it be possible to grant access to a CoprocessorProtocol implementation globally (regardless of table)?
> * Are per-method restrictions necessary?
> * Should we expose hooks available to endpoint implementors so that they could additionally apply their own permission checks? Some CP endpoints may want to require READ permissions, others may want to enforce WRITE, or READ + WRITE.
> To apply these kinds of checks we would also have to extend the RegionObserver interface to provide hooks wrapping HRegion.exec().

--
This message was sent by Atlassian JIRA (v6.1.5#6160)