You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2013/12/20 23:26:09 UTC

[jira] [Comment Edited] (HBASE-6104) Require EXEC permission to call coprocessor endpoints

    [ https://issues.apache.org/jira/browse/HBASE-6104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13854606#comment-13854606 ] 

Andrew Purtell edited comment on HBASE-6104 at 12/20/13 10:24 PM:
------------------------------------------------------------------

bq. For the sake of simplicity, I suggest considering an EXEC permission per CF.

Simplifying this even further, why not just a test for if the user has EXEC permission on the table. Attached is a patch to trunk which does that. Now, the question is how many unit tests does this break. Working on that now.

Edit: I did design the new regionobserver hooks (endpoints are managed by hregion) so that further discrimination by service and even by method is possible.


was (Author: apurtell):
bq. For the sake of simplicity, I suggest considering an EXEC permission per CF.

Simplifying this even further, why not just a test for if the user has EXEC permission on the table. Attached is a patch to trunk which does that. Now, the question is how many unit tests does this break. Working on that now.

> Require EXEC permission to call coprocessor endpoints
> -----------------------------------------------------
>
>                 Key: HBASE-6104
>                 URL: https://issues.apache.org/jira/browse/HBASE-6104
>             Project: HBase
>          Issue Type: Sub-task
>          Components: Coprocessors, security
>    Affects Versions: 0.95.2
>            Reporter: Gary Helmling
>            Assignee: Andrew Purtell
>             Fix For: 0.98.0
>
>         Attachments: 6104.patch
>
>
> The EXEC action currently exists as only a placeholder in access control.  It should really be used to enforce access to coprocessor endpoint RPC calls, which are currently unrestricted.
> How the ACLs to support this would be modeled deserves some discussion:
> * Should access be scoped to a specific table and CoprocessorProtocol extension?
> * Should it be possible to grant access to a CoprocessorProtocol implementation globally (regardless of table)?
> * Are per-method restrictions necessary?
> * Should we expose hooks available to endpoint implementors so that they could additionally apply their own permission checks? Some CP endpoints may want to require READ permissions, others may want to enforce WRITE, or READ + WRITE.
> To apply these kinds of checks we would also have to extend the RegionObserver interface to provide hooks wrapping HRegion.exec().



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)