You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by GitBox <gi...@apache.org> on 2021/08/28 07:22:06 UTC

[GitHub] [hbase] pankaj72981 edited a comment on pull request #3633: HBASE-26228 updateRSGroupConfig operation should be authorized by AccessController

pankaj72981 edited a comment on pull request #3633:
URL: https://github.com/apache/hbase/pull/3633#issuecomment-907586368


   > And maybe this should be declared as an incompatible issue?
   
   It shouldn't be an incompatible change, ACL check is skipped only in master branch. 
   
   In branch-2 ACL is validated twice (we should correct it)
   1. MasterRpcServices#execMasterService
            https://github.com/apache/hbase/blob/3b1482ef6016b1df7dfdf2d87a048242ceec5a12/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java#L891
   2. RSGroupAdminEndpoint (currently updateRSGroupConfig doesn't call checkPermission, but authorized in MasterRpcServices#execMasterService)
           https://github.com/apache/hbase/blob/3b1482ef6016b1df7dfdf2d87a048242ceec5a12/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java#L259
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org