You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Andrew Kyle Purtell (Jira)" <ji...@apache.org> on 2022/06/15 00:48:00 UTC

[jira] [Resolved] (HBASE-15256) Replication access control should be based on destination table

     [ https://issues.apache.org/jira/browse/HBASE-15256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Kyle Purtell resolved HBASE-15256.
-----------------------------------------
    Resolution: Won't Fix

> Replication access control should be based on destination table
> ---------------------------------------------------------------
>
>                 Key: HBASE-15256
>                 URL: https://issues.apache.org/jira/browse/HBASE-15256
>             Project: HBase
>          Issue Type: Improvement
>          Components: Replication, security
>            Reporter: Gary Helmling
>            Priority: Major
>
> HBASE-12916 added access control for replication sinks, where previously it was missing.  However, the access control check is only enforced by checking for a global write permission.  This is both less granular than the check could be and less intuitive (access is denied even if the source cell has write permission to the table being replicated).
> There is obviously more performance overhead from doing more granular checks, but if we only do checks on the distinct set of tables/cfs being written, I think the trade-off might be worth it.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)