You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Duo Zhang (JIRA)" <ji...@apache.org> on 2018/07/07 07:34:00 UTC

[jira] [Commented] (HBASE-20639) Implement permission checking through AccessController instead of RSGroupAdminEndpoint

    [ https://issues.apache.org/jira/browse/HBASE-20639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16535661#comment-16535661 ] 

Duo Zhang commented on HBASE-20639:
-----------------------------------

What's the status of this issue? It is reopened without any explanation? And also no fix versions? For months?

> Implement permission checking through AccessController instead of RSGroupAdminEndpoint
> --------------------------------------------------------------------------------------
>
>                 Key: HBASE-20639
>                 URL: https://issues.apache.org/jira/browse/HBASE-20639
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Ted Yu
>            Assignee: Nihal Jain
>            Priority: Major
>         Attachments: HBASE-20639.master.001.patch, HBASE-20639.master.002.patch, HBASE-20639.master.002.patch
>
>
> Currently permission checking for various RS group operations is done via RSGroupAdminEndpoint.
> e.g. in RSGroupAdminServiceImpl#moveServers() :
> {code}
>         checkPermission("moveServers");
>         groupAdminServer.moveServers(hostPorts, request.getTargetGroup());
> {code}
> The practice in remaining parts of hbase is to perform permission checking within AccessController.
> Now that observer hooks for RS group operations are in right place, we should follow best practice and move permission checking to AccessController.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)