You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Laxman (JIRA)" <ji...@apache.org> on 2012/05/24 14:22:07 UTC

[jira] [Commented] (HBASE-5352) ACL improvements

    [ https://issues.apache.org/jira/browse/HBASE-5352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13282382#comment-13282382 ] 

Laxman commented on HBASE-5352:
-------------------------------

Enis & Matt, hope you don't mind if I add some sub-tasks related to ACL here.
Already added HBASE-6086. Matt clarified this is a duplicate of HBASE-5372.

Also one more observation I wanted to validate with you.

Currently, AccessController doesn't provide implementation for some methods like preFlush, preSplit and many others. That means, any unauthorized user can trigger these operations on a table.

Do we need to handle this in a separate jira?
                
> ACL improvements
> ----------------
>
>                 Key: HBASE-5352
>                 URL: https://issues.apache.org/jira/browse/HBASE-5352
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.92.1, 0.94.0
>            Reporter: Enis Soztutar
>            Assignee: Enis Soztutar
>
> In this issue I would like to open discussion for a few minor ACL related improvements. The proposed changes are as follows: 
> 1. Introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.
> 2. getUserPermissions(tableName)/grant/revoke and drop/modify table operations should not check for global CREATE/ADMIN rights, but table CREATE/ADMIN rights. The reasoning is that if a user is able to admin or read from a table, she should be able to read the table's permissions. We can choose whether we want only READ or ADMIN permissions for getUserPermission(). Since we check for global permissions first for table permissions, configuring table access using global permissions will continue to work.  
> 3. Grant/Revoke global permissions - HBASE-5342 (included for completeness)
> From all 3, we may want to backport the first one to 0.92 since without it, Hive/Hcatalog cannot use Hbase's authorization mechanism effectively. 
> I will create subissues and convert HBASE-5342 to a subtask when we get some feedback, and opinions for going further. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira