ShiXing created HBASE-6292:
------------------------------
Summary: Compact can skip the security access control
Key: HBASE-6292
URL: https://issues.apache.org/jira/browse/HBASE-6292
Project: HBase
Issue Type: Bug
Components: security
Reporter: ShiXing
Assignee: ShiXing
When client sends compact command to rs, the rs just create a
CompactionRequest, and then put it into the thread pool to process the
CompactionRequest. And when the region do the compact, it uses the rs's ugi to
process the compact, so the compact can successfully done.
Example:
user "mapred" do not have permission "Admin",
{code}
hbase(main):001:0> user_permission 'Security'
User Table,Family,Qualifier:Permission
mapred Security,f1,c1: [Permission:
actions=READ,WRITE]
hbase(main):004:0> put 'Security', 'r6', 'f1:c1', 'v9'
0 row(s) in 0.0590 seconds
hbase(main):005:0> put 'Security', 'r6', 'f1:c1', 'v10'
0 row(s) in 0.0040 seconds
hbase(main):006:0> compact 'Security'
0 row(s) in 0.0260 seconds
{code}
Maybe we can add permission check in the preCompactSelection() ?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
