You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "stack (JIRA)" <ji...@apache.org> on 2012/06/30 17:44:44 UTC

[jira] [Assigned] (HBASE-6292) Compact can skip the security access control

     [ https://issues.apache.org/jira/browse/HBASE-6292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

stack reassigned HBASE-6292:
----------------------------

    Assignee: Andrew Purtell  (was: ShiXing)

Mind taking a look Andrew (and assigning back to ShiXing after)?  Let me know if this assign inapproprate.
                
> Compact can skip the security access control
> --------------------------------------------
>
>                 Key: HBASE-6292
>                 URL: https://issues.apache.org/jira/browse/HBASE-6292
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 0.94.0, 0.96.0, 0.94.1
>            Reporter: ShiXing
>            Assignee: Andrew Purtell
>              Labels: acl, security
>         Attachments: HBASE-6292-trunk-V1.patch
>
>
> When client sends compact command to rs, the rs just create a CompactionRequest, and then put it into the thread pool to process the CompactionRequest. And when the region do the compact, it uses the rs's ugi to process the compact, so the compact can successfully done.
> Example:
> user "mapred" do not have permission "Admin",
> {code}
> hbase(main):001:0> user_permission 'Security'
> User                                Table,Family,Qualifier:Permission                                                                      
>  mapred                             Security,f1,c1: [Permission: actions=READ,WRITE] 
> hbase(main):004:0> put 'Security', 'r6', 'f1:c1', 'v9'
> 0 row(s) in 0.0590 seconds
> hbase(main):005:0> put 'Security', 'r6', 'f1:c1', 'v10'
> 0 row(s) in 0.0040 seconds
> hbase(main):006:0> compact 'Security'
> 0 row(s) in 0.0260 seconds
> {code}
> Maybe we can add permission check in the preCompactSelection() ?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira