[
https://issues.apache.org/jira/browse/HBASE-17115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15670920#comment-15670920
]
Arshad Mohammad commented on HBASE-17115:
-----------------------------------------
{{org.apache.hadoop.hbase.http.HttpServer}} has instance of
{{org.apache.hadoop.security.authorize.AccessControlList}} but this is not set
from anywhere.
May be we can introduce one new property hbase.admin.acl in hbase
{code}
/** ACL of who can be admin of HBase web URLs*/
public static final String HBASE_ADMIN_ACL ="hbase.admin.acl";
public static final String DEFAULT_HBASE_ADMIN_ACL = "*";
{code}
and initialize AccessControlList and set in InfoServer
{code}
builder.setACL(new AccessControlList(c.get(
HConstants.HBASE_ADMIN_ACL,
HConstants.DEFAULT_HBASE_ADMIN_ACL)));
{code}
> HMaster/HRegion Info Server does not honour admin.acl
> -----------------------------------------------------
>
> Key: HBASE-17115
> URL: https://issues.apache.org/jira/browse/HBASE-17115
> Project: HBase
> Issue Type: Bug
> Reporter: Arshad Mohammad
>
> Currently there is no way to enable protected URLs like /jmx, /conf only
> for admins. This is applicable for both Master and RegionServer.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
