You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Reid Chan (JIRA)" <ji...@apache.org> on 2018/11/17 05:46:00 UTC

[jira] [Comment Edited] (HBASE-21481) [acl] Superuser's permissions should not be granted or revoked by any non-su global admin

    [ https://issues.apache.org/jira/browse/HBASE-21481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16690391#comment-16690391 ] 

Reid Chan edited comment on HBASE-21481 at 11/17/18 5:45 AM:
-------------------------------------------------------------

* Add a check on target user/group whether he is a superuser or a user in supergroup or neither.
* Add a new test: {{TestRpcAccessChecks#testGrantRevokeDeniedOnSuperUsersGroups}} which includes group permission test cases.
* Change visibility of {{TestingGroups}} to _public_ for test, otherwise, it can't be initialized in AccessChecker.



was (Author: reidchan):
* Add a check on target user/group where he is a superuser or a user in supergroup.
* Add a new test: {{TestRpcAccessChecks#testGrantRevokeDeniedOnSuperUsersGroups}} which includes group permission test cases.
* Change visibility of {{TestingGroups}} to _public_ for test, otherwise, it can't be initialized in AccessChecker.


> [acl] Superuser's permissions should not be granted or revoked by any non-su global admin
> -----------------------------------------------------------------------------------------
>
>                 Key: HBASE-21481
>                 URL: https://issues.apache.org/jira/browse/HBASE-21481
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Reid Chan
>            Assignee: Reid Chan
>            Priority: Major
>              Labels: ACL, security-issue
>             Fix For: 3.0.0, 2.2.0
>
>         Attachments: HBASE-21481.master.001.patch
>
>
> Superusers are {{hbase.superuser}} listed in configuration and plus the one who start master process, these two may be overlap.
> A superuser must be a global admin, but a global admin may not be a superuser, possibly granted afterwards.
> For now, an non-su global admin with a Global.ADMIN permission can grant or revoke any superuser's permission, accidentally or deliberately.
> The purpose of this issue is to ban this action.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)