[
https://issues.apache.org/jira/browse/HBASE-24345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17103735#comment-17103735
]
Anoop Sam John commented on HBASE-24345:
----------------------------------------
Ya [~pankajkumar] is coming with a scenario where the RSGroup admin ops are
used with Ranger based authorization. This wont work in 1.x and 2.x
versions!
>IMO, branch-2 AcecssController should have hooks for RSGroup Admin APIs.
But in 2.x and 1.x versions it is implemented as a Master CPEP.
RSGroupAdminEndpoint is already a MasterObserver. So implementing the RSGroup
admin API's access check via a hook will be hacky thing even if possible I
believe.
cc [~stack], [~apurtell]
> [ACL] renameRSGroup should require Admin level permission
> ---------------------------------------------------------
>
> Key: HBASE-24345
> URL: https://issues.apache.org/jira/browse/HBASE-24345
> Project: HBase
> Issue Type: Improvement
> Components: acl, rsgroup
> Reporter: Reid Chan
> Assignee: Reid Chan
> Priority: Major
>
> Currently renameRSgroup can be called by anyone without permission
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
