ShiXing created HBASE-6292: ------------------------------ Summary: Compact can skip the security access control Key: HBASE-6292 URL: https://issues.apache.org/jira/browse/HBASE-6292 Project: HBase Issue Type: Bug Components: security Reporter: ShiXing Assignee: ShiXing
When client sends compact command to rs, the rs just create a CompactionRequest, and then put it into the thread pool to process the CompactionRequest. And when the region do the compact, it uses the rs's ugi to process the compact, so the compact can successfully done. Example: user "mapred" do not have permission "Admin", {code} hbase(main):001:0> user_permission 'Security' User Table,Family,Qualifier:Permission mapred Security,f1,c1: [Permission: actions=READ,WRITE] hbase(main):004:0> put 'Security', 'r6', 'f1:c1', 'v9' 0 row(s) in 0.0590 seconds hbase(main):005:0> put 'Security', 'r6', 'f1:c1', 'v10' 0 row(s) in 0.0040 seconds hbase(main):006:0> compact 'Security' 0 row(s) in 0.0260 seconds {code} Maybe we can add permission check in the preCompactSelection() ? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira