You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Appy (JIRA)" <ji...@apache.org> on 2018/03/13 11:42:00 UTC

[jira] [Created] (HBASE-20185) Fix ACL check for MasterRpcServices#execProcedure

Appy created HBASE-20185:
----------------------------

             Summary: Fix ACL check for MasterRpcServices#execProcedure
                 Key: HBASE-20185
                 URL: https://issues.apache.org/jira/browse/HBASE-20185
             Project: HBase
          Issue Type: Bug
            Reporter: Appy
            Assignee: Appy


Mailing thread ref: [http://mail-archives.apache.org/mod_mbox/hbase-dev/201803.mbox/%3CCAAjhxrriGy_UXpC4iHCSyBB18iAbjU3Y2%2BnjQ-66i9kPPCrPRQ%40mail.gmail.com%3E]

TLDR; HBASE-19400 messed up perms required for flushing a table.
----
Looks like flush and snapshot procedures are already doing permissions check as part of preTableFlush/preSnapshot hooks. However, LogRollMasterProcedureManager is missing access checks ([~elserj], can someone look at it?)
 
With that, it makes no sense to put an ADMIN perm requirement which was added by me in HBASE-19400. Removing it.
However, to make things better for future, i have made few design changes which will ensure 1) perm checks don't slip by mistake, 2) a suitable placeholder for checks for flush & snapshot when we remove AccessController for good.
 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)