Posted to issues@hbase.apache.org by "Josh Elser (Jira)" <ji...@apache.org> on 2020/01/29 22:52:00 UTC

[jira] [Resolved] (HBASE-17115) HMaster/HRegion Info Server does not honour admin.acl

     [ https://issues.apache.org/jira/browse/HBASE-17115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Josh Elser resolved HBASE-17115.
--------------------------------
    Hadoop Flags: Reviewed
    Release Note: 
Implements authorization for the HBase Web UI by limiting access to certain endpoints which could be used to extract sensitive information from HBase.

Access to these restricted endpoints can be limited to a group of administrators, identified either by a list of users (hbase.security.authentication.spnego.admin.users) or by a list of groups (hbase.security.authentication.spnego.admin.groups). By default, neither of these values is set, which will preserve backwards compatibility (allowing all authenticated users to access all endpoints).

Further, users who have sensitive information in the HBase service configuration can set hbase.security.authentication.ui.config.protected to true, which will treat the configuration endpoint as a protected, admin-only resource. By default, all authenticated users may access the configuration endpoint.
      Resolution: Fixed

PreCommit on 1.x looks like it's busted. Resolving this for now and will revisit a 1.x backport when I can figure out what's going on with precommit.

> HMaster/HRegion Info Server does not honour admin.acl
> -----------------------------------------------------
>
>                 Key: HBASE-17115
>                 URL: https://issues.apache.org/jira/browse/HBASE-17115
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Mohammad Arshad
>            Assignee: Josh Elser
>            Priority: Major
>             Fix For: 3.0.0, 2.3.0, 2.2.3, 2.1.9
>
>
> Currently there is no way to enable protected URLs like /jmx, /conf only for admins. This is applicable for both Master and RegionServer.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
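
The release note's three settings can be checked in an hbase-site.xml with a short audit script. This is an added example, not code from the HBase project: the function names and the sample XML are constructed here, and the script assumes the admin lists are comma-separated and the file uses the usual Hadoop `<configuration>`/`<property>` layout.

```python
import xml.etree.ElementTree as ET

# Property names as given in the HBASE-17115 release note.
ADMIN_USERS = "hbase.security.authentication.spnego.admin.users"
ADMIN_GROUPS = "hbase.security.authentication.spnego.admin.groups"
CONF_PROTECTED = "hbase.security.authentication.ui.config.protected"

def load_props(xml_text):
    """Return {name: value} from Hadoop-style <configuration> XML."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def split_list(value):
    """Split a comma-separated value (assumed format), dropping blanks."""
    return [v.strip() for v in value.split(",") if v.strip()]

def audit_ui_acl(xml_text):
    """Return findings for the Web UI settings named in the release note."""
    props = load_props(xml_text)
    users = split_list(props.get(ADMIN_USERS, ""))
    groups = split_list(props.get(ADMIN_GROUPS, ""))
    findings = []
    if not users and not groups:
        # Default: every authenticated user can reach every endpoint.
        findings.append("no-admin-acl: neither admin.users nor admin.groups is set")
    if props.get(CONF_PROTECTED, "false").lower() != "true":
        # Default: the configuration endpoint is open to all authenticated users.
        findings.append("conf-unprotected: ui.config.protected is not true")
    return findings

# Constructed sample inputs (user and group names are placeholders).
DEFAULT_SITE = """<configuration>
  <property><name>hbase.cluster.distributed</name><value>true</value></property>
</configuration>"""

HARDENED_SITE = f"""<configuration>
  <property><name>{ADMIN_USERS}</name><value>alice, bob</value></property>
  <property><name>{ADMIN_GROUPS}</name><value>hbase-admins</value></property>
  <property><name>{CONF_PROTECTED}</name><value>true</value></property>
</configuration>"""

if __name__ == "__main__":
    for label, site in (("default", DEFAULT_SITE), ("hardened", HARDENED_SITE)):
        print(label, audit_ui_acl(site) or "ok")
```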