You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "meiwen li (JIRA)" <ji...@apache.org> on 2016/03/18 10:45:33 UTC

[jira] [Created] (HBASE-15483) After disabling Authorization, user should not be allowed to modify ACL record

meiwen li created HBASE-15483:
---------------------------------

             Summary: After disabling Authorization, user should not be allowed to modify ACL record 
                 Key: HBASE-15483
                 URL: https://issues.apache.org/jira/browse/HBASE-15483
             Project: HBase
          Issue Type: Bug
          Components: security
            Reporter: meiwen li


After setting hbase.security.authorization to be false, hbase does NOT do authority check for any operations by any users. Thus, any user, including read only user, has the authority to grant <user> <any permission>. The change to ACL record is lasted and will take effective after next authorization enabling. 

The conseqence is,
A readonly user can change an admin user to be a "readonly" user after a round of "disable authorization" and "enable authorization"
Also,
A readonly user can change a "readonly" user to be an Admin after such a round of disable/enable.

It is expected that 
after authorization is disabled, the authorization related file, the ACL record, should not be open to users and not be changed. Otherwise, after the authorization next enablement, the changed ACL takes action and users get unexpected authority.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)