[
https://issues.apache.org/jira/browse/HBASE-19483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289327#comment-16289327
]
Ted Yu commented on HBASE-19483:
--------------------------------
bq. The perm check should be baked into RSGroup
The hooks in Guangxu's patch were not the first such hook.
Some existing hooks:
{code}
public void
preMoveServersAndTables(ObserverContext<MasterCoprocessorEnvironment> ctx,
...
public void preMoveServers(ObserverContext<MasterCoprocessorEnvironment> ctx,
{code}
Shall we discuss / implement RSGroup native access control in another JIRA ?
This JIRA fixes security hole in RSGroup.
What do you think [~stack] ?
> Add proper privilege check for rsgroup commands
> -----------------------------------------------
>
> Key: HBASE-19483
> URL: https://issues.apache.org/jira/browse/HBASE-19483
> Project: HBase
> Issue Type: Bug
> Reporter: Ted Yu
> Assignee: Guangxu Cheng
> Attachments: HBASE-19483.master.001.patch,
> HBASE-19483.master.002.patch, HBASE-19483.master.003.patch
>
>
> Currently list_rsgroups command can be executed by any user.
> This is inconsistent with other list commands such as list_peers and
> list_peer_configs.
> We should add proper privilege check for list_rsgroups command.
> privilege check should be added for get_table_rsgroup / get_server_rsgroup /
> get_rsgroup commands.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
