[ https://issues.apache.org/jira/browse/HBASE-19400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16333040#comment-16333040 ]
Appy commented on HBASE-19400: ------------------------------ If that's the case, then probably put it in wider scope (can't have security loss). I haven't dug much into code...waiting for first iteration here to highlight more implementation level issues before digging. Maybe we can refactor those hooks to better places. Let's see. > Add missing security hooks for MasterService RPCs > ------------------------------------------------- > > Key: HBASE-19400 > URL: https://issues.apache.org/jira/browse/HBASE-19400 > Project: HBase > Issue Type: Sub-task > Affects Versions: 2.0.0-beta-1 > Reporter: Balazs Meszaros > Assignee: Balazs Meszaros > Priority: Major > Attachments: HBASE-19400.master.001.patch, > HBASE-19400.master.002.patch > > > The following RPC methods do not call the observers, therefore they are not > guarded by AccessController: > - normalize > - setNormalizerRunning > - runCatalogScan > - enableCatalogJanitor > - runCleanerChore > - setCleanerChoreRunning > - execMasterService > - execProcedure > - execProcedureWithRet -- This message was sent by Atlassian JIRA (v7.6.3#76005)