[ https://issues.apache.org/jira/browse/HBASE-24345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17103735#comment-17103735 ]
Anoop Sam John commented on HBASE-24345: ---------------------------------------- Ya [~pankajkumar] is coming with a scenario where the RSGroup admin ops are used with Ranger based authorization. This wont work in 1.x and 2.x versions! >IMO, branch-2 AcecssController should have hooks for RSGroup Admin APIs. But in 2.x and 1.x versions it is implemented as a Master CPEP. RSGroupAdminEndpoint is already a MasterObserver. So implementing the RSGroup admin API's access check via a hook will be hacky thing even if possible I believe. cc [~stack], [~apurtell] > [ACL] renameRSGroup should require Admin level permission > --------------------------------------------------------- > > Key: HBASE-24345 > URL: https://issues.apache.org/jira/browse/HBASE-24345 > Project: HBase > Issue Type: Improvement > Components: acl, rsgroup > Reporter: Reid Chan > Assignee: Reid Chan > Priority: Major > > Currently renameRSgroup can be called by anyone without permission -- This message was sent by Atlassian Jira (v8.3.4#803005)