[ https://issues.apache.org/jira/browse/HBASE-19318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16263007#comment-16263007 ]
Anoop Sam John commented on HBASE-19318: ---------------------------------------- I agree that some changes broke Ranger. bq.I'm really confused by your suggestion that authz is not meant to be pluggable inside of HBase. Are we allowing plugging in? Sorry I don't think so. Pls correct me if u find else in some other place. This is the whole point I wanted to bring about. > MasterRpcServices#getSecurityCapabilities explicitly checks for the HBase > AccessController implementation > --------------------------------------------------------------------------------------------------------- > > Key: HBASE-19318 > URL: https://issues.apache.org/jira/browse/HBASE-19318 > Project: HBase > Issue Type: Bug > Components: master, security > Reporter: Sharmadha Sainath > Assignee: Josh Elser > Priority: Critical > Fix For: 1.4.0, 1.3.2, 1.2.7, 2.0.0-beta-1 > > > Sharmadha brought a failure to my attention trying to use Ranger with HBase > 2.0 where the {{grant}} command was erroring out unexpectedly. The cluster > had the Ranger-specific coprocessors deployed, per what was previously > working on the HBase 1.1 line. > After some digging, I found that the the Master is actually making a check > explicitly for a Coprocessor that has the name > {{org.apache.hadoop.hbase.security.access.AccessController}} (short name or > full name), instead of looking for a deployed coprocessor which can be > assigned to {{AccessController}} (which is what Ranger does). We have the > CoprocessorHost methods to do the latter already implemented; it strikes me > that we just accidentally used the wrong method in MasterRpcServices. -- This message was sent by Atlassian JIRA (v6.4.14#64029)