[
https://issues.apache.org/jira/browse/HBASE-6292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13404667#comment-13404667
]
ShiXing commented on HBASE-6292:
--------------------------------
@Andrew, I see the ACL Matrix in HBASE-6192
{code}
RegionServer | CompactSelection | REGION | INTERNAL | NA
{code}
And this patch has changed it by add preCompactSelection requirePermission().
Should we change the doc for the ACL Matrix?
> Compact can skip the security access control
> --------------------------------------------
>
> Key: HBASE-6292
> URL: https://issues.apache.org/jira/browse/HBASE-6292
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: ShiXing
> Assignee: ShiXing
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6292-trunk-V1.patch
>
>
> When client sends compact command to rs, the rs just create a
> CompactionRequest, and then put it into the thread pool to process the
> CompactionRequest. And when the region do the compact, it uses the rs's ugi
> to process the compact, so the compact can successfully done.
> Example:
> user "mapred" do not have permission "Admin",
> {code}
> hbase(main):001:0> user_permission 'Security'
> User Table,Family,Qualifier:Permission
>
> mapred Security,f1,c1: [Permission:
> actions=READ,WRITE]
> hbase(main):004:0> put 'Security', 'r6', 'f1:c1', 'v9'
> 0 row(s) in 0.0590 seconds
> hbase(main):005:0> put 'Security', 'r6', 'f1:c1', 'v10'
> 0 row(s) in 0.0040 seconds
> hbase(main):006:0> compact 'Security'
> 0 row(s) in 0.0260 seconds
> {code}
> Maybe we can add permission check in the preCompactSelection() ?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
