[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization

Mon, 23 Mar 2015 18:03:04 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14377030#comment-14377030
 ] 

Jerry He commented on HBASE-13275:
----------------------------------

bq. The idea is if the coprocessors are loaded but authorization is disabled, 
then we enter a passive mode where we maintain state, allow administrative 
actions (without authorization checks), carry forward cell tags, etc. I figure 
although it's weird if the coprocessors are loaded but authorization is 
disabled, there can be a use case for this. For example, the AccessController 
can be installed in a passive mode, the admin can issue grants, 
Trying to understand the above statement.  In this passive mode, anybody 
besides admin can grant permissions to themselves and others since there is no 
authorization checks, and permissions will remain after TURN ON?

> Setting hbase.security.authorization to false does not disable authorization
> ----------------------------------------------------------------------------
>
>                 Key: HBASE-13275
>                 URL: https://issues.apache.org/jira/browse/HBASE-13275
>             Project: HBase
>          Issue Type: Bug
>            Reporter: William Watson
>            Assignee: Andrew Purtell
>             Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
>
>         Attachments: HBASE-13275.patch
>
>
> According to the docs provided by Cloudera (we're not running Cloudera, BTW), 
> this is the list of configs to enable authorization in HBase:
> {code}
> <property>
>      <name>hbase.security.authorization</name>
>      <value>true</value>
> </property>
> <property>
>      <name>hbase.coprocessor.master.classes</name>
>      <value>org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> <property>
>      <name>hbase.coprocessor.region.classes</name>
>      
> <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> {code}
> We wanted to then disable authorization but simply setting 
> hbase.security.authorization to false did not disable the authorization



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to