You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2019/01/09 02:11:00 UTC

[jira] [Commented] (HBASE-21591) Support ability to have host based permissions

    [ https://issues.apache.org/jira/browse/HBASE-21591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16737756#comment-16737756 ] 

Andrew Purtell commented on HBASE-21591:
----------------------------------------

This seems fine, given the available detail to evaluate the proposal. Try to minimize coprocessor API changes. For example, consider using the RPC static helper method to retrieve the client IP address from the RPC context and put it in the observer context instead of passing it through as a new method parameter. Changes to private interfaces will all be fine.

> Support ability to have host based permissions
> ----------------------------------------------
>
>                 Key: HBASE-21591
>                 URL: https://issues.apache.org/jira/browse/HBASE-21591
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>            Reporter: Clay B.
>            Assignee: Clay B.
>            Priority: Trivial
>
> Today, one can put in an ACL rule where a user is not permitted to read data but can insert data (e.g. {{grant 'user', 'table', 'W'}}). However, one can not implement HBase as a "drop-box" for data where by in a secure network, one can read and write data but outside that secure network one can only write data; and I do not believe this is possible with custom access controllers, unless one "wraps" HBase; e.g. with the HBase REST server.
> I have been pushing for this model (e.g. [Of Data Dropboxes and Data Gloveboxes|https://thestrangeloop.com/2018/of-data-dropboxes-and-data-gloveboxes.html] or [slides|http://clayb.net/presentations/Of%20Data%20Dropboxes%20and%20Data%20Gloveboxes.pdf]) in a number of technologies for some data compartmentalization initiatives.
> I propose passing the requester's host information through the HBase authentication stack so that the ACL model in HBase can work akin to the SQL semantics of {{user@host}} or {{user@<anywhere>}}.The expected impact would be to HBase private interfaces only, so far in POC'ing it seems the following would be impacted:
> Access Control Classes/ACL Table Management:
> * AccessControlUtil
> * UserPermission
> * AccessChecker
> * AccessControlFilter
> * AccessController
> * AuthResult
> * TableAuthManager
> * AccessControl.proto
> Co-Processor APIs for Checking Authentication:
> * CoprocessorHost
> * ObserverContext
> * ObserverContextImpl
> * RSRpcServices
> * RSGroupAdminEndpoint



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)