[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14292206#comment-14292206 ]
Andrew Purtell commented on HBASE-12916:
----------------------------------------

RSO seems like a good place to hang a new hook. The style of pre- CP hooks is to give the observer access to available information to make an informed authoritative decision. So RegionServerObserver#preReplicateLogEntries should accept the same arguments as ReplicationSinkService#replicateLogEntries, like:
{code}
+ void preReplicateLogEntries(final ObserverContext<RegionServerCoprocessorEnvironment> ctx,
+ List<WALEntry> entries, CellScanner cells) throws IOException;
{code}

> No access control for replicating WAL entries
> ---------------------------------------------
>
>                 Key: HBASE-12916
>                 URL: https://issues.apache.org/jira/browse/HBASE-12916
>             Project: HBase
>          Issue Type: Bug
>          Components: Replication
>    Affects Versions: 2.0.0, 0.94.26, 0.98.12
>            Reporter: Liu Shaohui
>            Assignee: Liu Shaohui
>         Attachments: HBASE-12916-v1.diff
>
>
> Currently, there is no access control for replicating WAL entries in secure
> HBase cluster. Any authenticated user can write any data they want to any
> table of a secure cluster by using the replication api.
> Simple solution is to add permission check before replicating WAL entries.
> And only user with global write permission can replicate WAL entries to this
> cluster.
> Another option is adding "Replication" action in hbase and only user with
> "Replication" permission can replicate WAL entries to this cluster?
> [~apurtell]
> What's your suggestion? Thanks

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
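
Review bot: The `CellScanner cells` parameter on the second line of the proposed signature is a forward-only cursor, and nothing here says whether an observer may advance it. An observer that walks the cells to make its decision would leave the scanner consumed for the ReplicationSinkService#replicateLogEntries call that follows. The hook's javadoc should state that implementations must not advance the scanner, and that throwing IOException from this pre- hook is how an observer rejects the batch before any entry is applied.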
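
The "simple solution" from the issue description (a global write permission check that runs before any replicated entry is applied), as an added example that is not HBase code and not part of the original message. The types are simplified stand-ins for the HBase ones, and the caller names, ACL and table name are constructed sample values.

```java
import java.io.IOException;
import java.util.*;

// Stand-in model, not HBase classes: a replication sink that runs pre- hooks
// before applying entries, and an observer that enforces global WRITE.
public class ReplicationAclDemo {
  enum Action { READ, WRITE }
  // Hypothetical simplification of a WAL entry: target table plus one value.
  record Entry(String table, String value) {}
  interface SinkObserver {
    void preReplicateLogEntries(String caller, List<Entry> entries) throws IOException;
  }

  // Constructed sample ACL: caller -> actions granted at global scope.
  static final Map<String, Set<Action>> GLOBAL_ACL = Map.of(
      "replication-peer", EnumSet.of(Action.READ, Action.WRITE),
      "alice", EnumSet.of(Action.READ));

  // Unknown callers get an empty grant set, so the check fails closed.
  static final SinkObserver ACCESS_CHECK = (caller, entries) -> {
    if (!GLOBAL_ACL.getOrDefault(caller, Set.of()).contains(Action.WRITE)) {
      throw new IOException("Access denied: " + caller + " lacks global WRITE");
    }
  };

  final Map<String, List<String>> tables = new HashMap<>();
  final List<SinkObserver> observers = new ArrayList<>();

  // Every hook must return normally before any entry is applied.
  void replicateLogEntries(String caller, List<Entry> entries) throws IOException {
    for (SinkObserver o : observers) o.preReplicateLogEntries(caller, entries);
    for (Entry e : entries) tables.computeIfAbsent(e.table(), t -> new ArrayList<>()).add(e.value());
  }

  public static void main(String[] args) throws IOException {
    List<Entry> batch = List.of(new Entry("payments", "replicated-row"));
    ReplicationAclDemo unchecked = new ReplicationAclDemo(); // behaviour the issue reports
    unchecked.replicateLogEntries("alice", batch);
    System.out.println("no hook, alice: " + unchecked.tables);

    ReplicationAclDemo checked = new ReplicationAclDemo();
    checked.observers.add(ACCESS_CHECK);
    try {
      checked.replicateLogEntries("alice", batch);
    } catch (IOException denied) {
      System.out.println("hook, alice: " + denied.getMessage() + ", tables=" + checked.tables);
    }
    checked.replicateLogEntries("replication-peer", batch);
    System.out.println("hook, replication-peer: " + checked.tables);
  }
}
```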