[
https://issues.apache.org/jira/browse/HBASE-6068?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13281397#comment-13281397
]
Anoop Sam John commented on HBASE-6068:
---------------------------------------
HBaseAdmin
isTableEnabled()
isTableEnabled()
disableTable()
These APIs will have the problem. All these making a call to
HConnectionManagerImpl.testTableOnlineState(byte [] tableName, boolean online),
which in turn try to read from ZK
Will read the path /hbase/table/<tabName> for which there is no global read
permission
> Secure HBase cluster : Client not able to call some admin APIs
> --------------------------------------------------------------
>
> Key: HBASE-6068
> URL: https://issues.apache.org/jira/browse/HBASE-6068
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 0.94.0
> Reporter: Anoop Sam John
>
> In case of secure cluster, we allow the HBase clients to read the zk nodes by
> providing the global read permissions to all for certain nodes. These nodes
> are the master address znode, root server znode and the clusterId znode. In
> ZKUtil.createACL() , we can see these node names are specially handled.
> But there are some other client side admin APIs which makes a read call into
> the zookeeper from the client. This include the isTableEnabled() call (May be
> some other. I have seen this). Here the client directly reads a node in the
> zookeeper ( node created for this table ) and the data is matched to know
> whether this is enabled or not.
> Now in secure cluster case any client can read zookeeper nodes which it needs
> for its normal operation like the master address and root server address.
> But what if the client calls this API? [isTableEnaled () ].
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
