[
https://issues.apache.org/jira/browse/HBASE-19400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16333020#comment-16333020
]
Appy commented on HBASE-19400:
------------------------------
bq. What about access control decisions that are made in the RegionServer
context? Neither of those places seem good then. Something shared among all
roles.
I thought about HRegionServer initially for that reason, but didn't suggest it
because it just exposes AccessChecker to *everything* in a RS/Master process. I
wanted to limit its scope to prevent it's use all over the code base because it
seems like we'll need access check only when some request (rpc) comes asking
for some operation. It'll be easier to maintain and reason about our AC (Access
control) system when all requests get vetted at entry point in
{Rs/Master}RpcServices. With that thought, the best scope for it seemed Rpc
classes.
Of course if a good case arises in future which requires AC at wider scope, we
can always do that.
> Add missing security hooks for MasterService RPCs
> -------------------------------------------------
>
> Key: HBASE-19400
> URL: https://issues.apache.org/jira/browse/HBASE-19400
> Project: HBase
> Issue Type: Sub-task
> Affects Versions: 2.0.0-beta-1
> Reporter: Balazs Meszaros
> Assignee: Balazs Meszaros
> Priority: Major
> Attachments: HBASE-19400.master.001.patch,
> HBASE-19400.master.002.patch
>
>
> The following RPC methods do not call the observers, therefore they are not
> guarded by AccessController:
> - normalize
> - setNormalizerRunning
> - runCatalogScan
> - enableCatalogJanitor
> - runCleanerChore
> - setCleanerChoreRunning
> - execMasterService
> - execProcedure
> - execProcedureWithRet
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
