You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Vladimir Rodionov (JIRA)" <ji...@apache.org> on 2018/09/06 18:20:00 UTC

[jira] [Commented] (HBASE-21163) Support backup-and-restore operations without Hbase Super user privilege

    [ https://issues.apache.org/jira/browse/HBASE-21163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16606201#comment-16606201 ] 

Vladimir Rodionov commented on HBASE-21163:
-------------------------------------------

I changed the type from Brainstorming to Improvement. This feature seems important to users, therefore it will be given priority in a Phase 4 development.

> Support backup-and-restore operations without Hbase Super user privilege
> ------------------------------------------------------------------------
>
>                 Key: HBASE-21163
>                 URL: https://issues.apache.org/jira/browse/HBASE-21163
>             Project: HBase
>          Issue Type: Improvement
>          Components: hbase-operator-tools
>            Reporter: sujit p
>            Assignee: Vladimir Rodionov
>            Priority: Major
>
> Hello Team,
> I am opening this Apache Jira to request for an analysis on considering following problem statement:
> Currently backup-and-restore utility is designed to work with "hbase" superuser privileges.
> I see at-least couple concerns on that, may be more, will add more later on:
>  * For smaller organizations with less than 20 hbase tables or couple of clusters, it is manageable, hbase admins. However, for larger organizations or larger clusters, that would need providing hbase super user access to many people to manage such operations which can be a security risk on source cluster.
>  * In certain scenarios, it may be typical to have one DR Cluster in remote data center to store backup tables, and having super privileges for all tables in remote cluster is another risk for same reasons above.
> I suggest to review into making backup and restore without hbase super privileges .
> Tenants or application admins may have certainly have admin access to relevant tables/namespaces/snapshots.
> Here is an example on what I am proposing from RDBMS : [https://docs.oracle.com/cd/E16926_01/doc.121/e16564/configure_users_classes.htm#OBADM144]
> Thanks
>  
> PS: Forgive me if I hadn't opened my second apache Jira correct way, happy to correct it.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)