[jira] [Commented] (HBASE-19483) Add proper privilege check for rsgroup commands

Fri, 22 Dec 2017 14:54:47 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-19483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16302060#comment-16302060
 ] 

Appy commented on HBASE-19483:
------------------------------

[~andrewcheng] raises a good question on rb:
bq. If using AccessChecker.isAuthorizationSupported, should we need to set the 
default value of hbase.security.authorization to false? If not, it may happen 
that the value of hbase.security.authorization is true, but AccessController is 
not added to the server. Only the RSGroup enable authorization. However,we 
can't update the permission informations because it depends on 
AccessController.Is this OK?

Currently default value is true.
Used by AccessController and VisibilityController.
So i guess the assumption is, if these CPs are specified in hbase.cp.*.classes 
config, it's assumed that security is enabled unless that config is explicitly 
set to false.
Comment in code says:
 /** if we are active, usually true, only not true if 
"hbase.security.authorization" has been set to false in site configuration */
But that implicit assumption of "security is On if cp is loaded" isn't true for 
rsgroup cp. And checking for other CP names in config value to decide if 
security is on  is not a good design.
Can't think of any other way than changing default value, updating doc, and 
especially calling out in upgrading section.




> Add proper privilege check for rsgroup commands
> -----------------------------------------------
>
>                 Key: HBASE-19483
>                 URL: https://issues.apache.org/jira/browse/HBASE-19483
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Ted Yu
>            Assignee: Guangxu Cheng
>             Fix For: 1.4.1, 1.5.0, 2.0.0-beta-2
>
>         Attachments: HBASE-19483.master.001.patch, 
> HBASE-19483.master.002.patch, HBASE-19483.master.003.patch, 
> HBASE-19483.master.004.patch, HBASE-19483.master.005.patch, 
> HBASE-19483.master.006.patch
>
>
> Currently list_rsgroups command can be executed by any user.
> This is inconsistent with other list commands such as list_peers and 
> list_peer_configs.
> We should add proper privilege check for list_rsgroups command.
> privilege check should be added for get_table_rsgroup / get_server_rsgroup / 
> get_rsgroup commands.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to