Posted to issues@hbase.apache.org by "Chia-Ping Tsai (JIRA)" <ji...@apache.org> on 2018/01/02 23:57:00 UTC
[jira] [Commented] (HBASE-19691) Do not require ADMIN permission for obtaining ClusterStatus
[ https://issues.apache.org/jira/browse/HBASE-19691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16308898#comment-16308898 ]
Chia-Ping Tsai commented on HBASE-19691:
----------------------------------------
Seems it is over-the-top. +1 to revert it. However, the ClusterStatus is the only way to get the cluster information, so it will be more complicated, I believe. It may be a security leak in the future.
Thanks for this nice catch. [~elserj] [~romil.choksi]
> Do not require ADMIN permission for obtaining ClusterStatus
> -----------------------------------------------------------
>
> Key: HBASE-19691
> URL: https://issues.apache.org/jira/browse/HBASE-19691
> Project: HBase
> Issue Type: Bug
> Reporter: Romil Choksi
> Assignee: Josh Elser
> Priority: Critical
> Fix For: 1.4.1, 2.0.0-beta-2
>
>
> Appears to be a regression introduced by HBASE-19131. Operations that attempt to obtain the `status` from the HMaster now fail if the requesting user doesn't have global ADMIN permission.
> Discussion: https://lists.apache.org/thread.html/f1cd2a50e5c460879c97043790b33aa375cd6b217455d611c3417e3d@%3Cdev.hbase.apache.org%3E
> Thanks to Romil for letting us know about this one.
> FYI [~stack] [~chia7712].
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)