[
https://issues.apache.org/jira/browse/PHOENIX-5905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17112402#comment-17112402
]
Rajeshbabu Chintaguntla commented on PHOENIX-5905:
--------------------------------------------------
[~elserj]
bq.I can understand how this is very hard to get correct, especially when we
have the AccessController implementation and the Ranger implementation which
have different semantics. Probably not a good idea to take a dependency on
Ranger, but maybe we could mock a custom authz endpoint which acts like Ranger
does, and make our testing suite here a little better? Thinking out loud for
future improvements.
True better to have the test case with customer access controller service.
Raised PHOENIX-5908 will work on it.
Going to commit this at present. Thanks for review.
> Reset user to hbase by changing rpc context before getting user permissions
> on access controller service
> ---------------------------------------------------------------------------------------------------------
>
> Key: PHOENIX-5905
> URL: https://issues.apache.org/jira/browse/PHOENIX-5905
> Project: Phoenix
> Issue Type: Bug
> Reporter: Rajeshbabu Chintaguntla
> Assignee: Rajeshbabu Chintaguntla
> Priority: Major
> Fix For: 5.1.0, 4.16.0
>
> Attachments: PHOENIX-5905.patch
>
>
> Currently we are calling getUserPermissions with hbase user directly on
> access controller service which is not a rpc call. If we don't reset user
> system user will be considered and might expect extra privileges to return
> the user permissions.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
