[
https://issues.apache.org/jira/browse/HBASE-21481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16704185#comment-16704185
]
Reid Chan commented on HBASE-21481:
-----------------------------------
Failed test passed locally, not related i think.
{code}
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.hadoop.hbase.client.TestRestoreSnapshotFromClientClone
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 81.502 s
- in org.apache.hadoop.hbase.client.TestRestoreSnapshotFromClientClone
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0
{code}
> [acl] Superuser's permissions should not be granted or revoked by any non-su
> global admin
> -----------------------------------------------------------------------------------------
>
> Key: HBASE-21481
> URL: https://issues.apache.org/jira/browse/HBASE-21481
> Project: HBase
> Issue Type: Improvement
> Reporter: Reid Chan
> Assignee: Reid Chan
> Priority: Major
> Labels: ACL, security-issue
> Fix For: 3.0.0, 2.2.0
>
> Attachments: HBASE-21481.master.001.patch,
> HBASE-21481.master.002.patch, HBASE-21481.master.003.patch,
> HBASE-21481.master.004.patch, HBASE-21481.master.005.patch,
> HBASE-21481.master.006.patch, HBASE-21481.master.007.patch,
> HBASE-21481.master.008.patch
>
>
> Superusers are {{hbase.superuser}} listed in configuration and plus the one
> who start master process, these two may be overlap.
> A superuser must be a global admin, but a global admin may not be a
> superuser, possibly granted afterwards.
> For now, an non-su global admin with a Global.ADMIN permission can grant or
> revoke any superuser's permission, accidentally or deliberately.
> The purpose of this issue is to ban this action.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
