You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by Josh Elser <el...@apache.org> on 2018/03/12 19:21:47 UTC
Flush requires global ADMIN permission on 2.0
Hi,
In some $dayjob testing, we've noticed that flushing a table requires
ADMIN permission by virtue of submitting the FlushProcedure (not
consciously about the flush operation itself).
I can see this going both ways, but I felt like ADMIN at the table level
is more appropriate than requiring the global ADMIN permission.
Thoughts?
- Josh
Re: Flush requires global ADMIN permission on 2.0
Posted by Francis Christopher Liu <to...@gmail.com>.
Not a fan of allowing users (including table and namespace admins) access
to HBase apis that directly allow them to create new files, etc. There's
potential for misuse spamming the NN, broadening the issue.
My 2 cents.
Francis
On Tue, Mar 13, 2018 at 1:49 PM Josh Elser <el...@apache.org> wrote:
> Yep, I totally understand what the problem is and respect how we got
> ourselves here. 20185 is on my list to review today.
>
> Thanks for taking it up, Appy.
>
> On 3/13/18 7:41 AM, Apekshit Sharma wrote:
> > https://issues.apache.org/jira/browse/HBASE-20185
> >
> > On Tue, Mar 13, 2018 at 4:35 PM, Apekshit Sharma <ap...@cloudera.com>
> wrote:
> >
> >> exactly what Duo said.
> >>
> >> Trying something....
> >>
> >> On Tue, Mar 13, 2018 at 7:44 AM, 张铎(Duo Zhang) <pa...@gmail.com>
> >> wrote:
> >>
> >>> I think the problem is that, in MasterRpcService.execProcedure, we do
> not
> >>> know the type of the Procedure so it is not possible for us to require
> >>> different permissions for them.
> >>>
> >>> Please open an issue for this, maybe we need to push down the
> permission
> >>> check for execProcedure/execProcedureWithRet down to a place where we
> >>> know
> >>> the actual type of the procedure.
> >>>
> >>> Thanks.
> >>>
> >>> 2018-03-13 3:52 GMT+08:00 Josh Elser <el...@apache.org>:
> >>>
> >>>> Thanks to Ted for digging down to find HBASE-19400 as the cause of
> this
> >>>> one.
> >>>>
> >>>> @Appy, curious on whether my initial assessment was correct on how we
> >>> got
> >>>> here. Would like to know if this was a conscious decision on your part
> >>> for
> >>>> flushes :)
> >>>>
> >>>>
> >>>> On 3/12/18 3:29 PM, Mike Drob wrote:
> >>>>
> >>>>> Table/Namespace/Global Admin sounds fine to me.
> >>>>>
> >>>>> On Mon, Mar 12, 2018 at 2:21 PM, Josh Elser <el...@apache.org>
> wrote:
> >>>>>
> >>>>> Hi,
> >>>>>>
> >>>>>> In some $dayjob testing, we've noticed that flushing a table
> requires
> >>>>>> ADMIN permission by virtue of submitting the FlushProcedure (not
> >>>>>> consciously about the flush operation itself).
> >>>>>>
> >>>>>> I can see this going both ways, but I felt like ADMIN at the table
> >>> level
> >>>>>> is more appropriate than requiring the global ADMIN permission.
> >>>>>>
> >>>>>> Thoughts?
> >>>>>>
> >>>>>> - Josh
> >>>>>>
> >>>>>>
> >>>>>
> >>>
> >>
> >>
> >>
> >> --
> >>
> >> -- Appy
> >>
> >
> >
> >
>
Re: Flush requires global ADMIN permission on 2.0
Posted by Josh Elser <el...@apache.org>.
Yep, I totally understand what the problem is and respect how we got
ourselves here. 20185 is on my list to review today.
Thanks for taking it up, Appy.
On 3/13/18 7:41 AM, Apekshit Sharma wrote:
> https://issues.apache.org/jira/browse/HBASE-20185
>
> On Tue, Mar 13, 2018 at 4:35 PM, Apekshit Sharma <ap...@cloudera.com> wrote:
>
>> exactly what Duo said.
>>
>> Trying something....
>>
>> On Tue, Mar 13, 2018 at 7:44 AM, 张铎(Duo Zhang) <pa...@gmail.com>
>> wrote:
>>
>>> I think the problem is that, in MasterRpcService.execProcedure, we do not
>>> know the type of the Procedure so it is not possible for us to require
>>> different permissions for them.
>>>
>>> Please open an issue for this, maybe we need to push down the permission
>>> check for execProcedure/execProcedureWithRet down to a place where we
>>> know
>>> the actual type of the procedure.
>>>
>>> Thanks.
>>>
>>> 2018-03-13 3:52 GMT+08:00 Josh Elser <el...@apache.org>:
>>>
>>>> Thanks to Ted for digging down to find HBASE-19400 as the cause of this
>>>> one.
>>>>
>>>> @Appy, curious on whether my initial assessment was correct on how we
>>> got
>>>> here. Would like to know if this was a conscious decision on your part
>>> for
>>>> flushes :)
>>>>
>>>>
>>>> On 3/12/18 3:29 PM, Mike Drob wrote:
>>>>
>>>>> Table/Namespace/Global Admin sounds fine to me.
>>>>>
>>>>> On Mon, Mar 12, 2018 at 2:21 PM, Josh Elser <el...@apache.org> wrote:
>>>>>
>>>>> Hi,
>>>>>>
>>>>>> In some $dayjob testing, we've noticed that flushing a table requires
>>>>>> ADMIN permission by virtue of submitting the FlushProcedure (not
>>>>>> consciously about the flush operation itself).
>>>>>>
>>>>>> I can see this going both ways, but I felt like ADMIN at the table
>>> level
>>>>>> is more appropriate than requiring the global ADMIN permission.
>>>>>>
>>>>>> Thoughts?
>>>>>>
>>>>>> - Josh
>>>>>>
>>>>>>
>>>>>
>>>
>>
>>
>>
>> --
>>
>> -- Appy
>>
>
>
>
Re: Flush requires global ADMIN permission on 2.0
Posted by Apekshit Sharma <ap...@cloudera.com>.
https://issues.apache.org/jira/browse/HBASE-20185
On Tue, Mar 13, 2018 at 4:35 PM, Apekshit Sharma <ap...@cloudera.com> wrote:
> exactly what Duo said.
>
> Trying something....
>
> On Tue, Mar 13, 2018 at 7:44 AM, 张铎(Duo Zhang) <pa...@gmail.com>
> wrote:
>
>> I think the problem is that, in MasterRpcService.execProcedure, we do not
>> know the type of the Procedure so it is not possible for us to require
>> different permissions for them.
>>
>> Please open an issue for this, maybe we need to push down the permission
>> check for execProcedure/execProcedureWithRet down to a place where we
>> know
>> the actual type of the procedure.
>>
>> Thanks.
>>
>> 2018-03-13 3:52 GMT+08:00 Josh Elser <el...@apache.org>:
>>
>> > Thanks to Ted for digging down to find HBASE-19400 as the cause of this
>> > one.
>> >
>> > @Appy, curious on whether my initial assessment was correct on how we
>> got
>> > here. Would like to know if this was a conscious decision on your part
>> for
>> > flushes :)
>> >
>> >
>> > On 3/12/18 3:29 PM, Mike Drob wrote:
>> >
>> >> Table/Namespace/Global Admin sounds fine to me.
>> >>
>> >> On Mon, Mar 12, 2018 at 2:21 PM, Josh Elser <el...@apache.org> wrote:
>> >>
>> >> Hi,
>> >>>
>> >>> In some $dayjob testing, we've noticed that flushing a table requires
>> >>> ADMIN permission by virtue of submitting the FlushProcedure (not
>> >>> consciously about the flush operation itself).
>> >>>
>> >>> I can see this going both ways, but I felt like ADMIN at the table
>> level
>> >>> is more appropriate than requiring the global ADMIN permission.
>> >>>
>> >>> Thoughts?
>> >>>
>> >>> - Josh
>> >>>
>> >>>
>> >>
>>
>
>
>
> --
>
> -- Appy
>
--
-- Appy
Re: Flush requires global ADMIN permission on 2.0
Posted by Apekshit Sharma <ap...@cloudera.com>.
exactly what Duo said.
Trying something....
On Tue, Mar 13, 2018 at 7:44 AM, 张铎(Duo Zhang) <pa...@gmail.com>
wrote:
> I think the problem is that, in MasterRpcService.execProcedure, we do not
> know the type of the Procedure so it is not possible for us to require
> different permissions for them.
>
> Please open an issue for this, maybe we need to push down the permission
> check for execProcedure/execProcedureWithRet down to a place where we know
> the actual type of the procedure.
>
> Thanks.
>
> 2018-03-13 3:52 GMT+08:00 Josh Elser <el...@apache.org>:
>
> > Thanks to Ted for digging down to find HBASE-19400 as the cause of this
> > one.
> >
> > @Appy, curious on whether my initial assessment was correct on how we got
> > here. Would like to know if this was a conscious decision on your part
> for
> > flushes :)
> >
> >
> > On 3/12/18 3:29 PM, Mike Drob wrote:
> >
> >> Table/Namespace/Global Admin sounds fine to me.
> >>
> >> On Mon, Mar 12, 2018 at 2:21 PM, Josh Elser <el...@apache.org> wrote:
> >>
> >> Hi,
> >>>
> >>> In some $dayjob testing, we've noticed that flushing a table requires
> >>> ADMIN permission by virtue of submitting the FlushProcedure (not
> >>> consciously about the flush operation itself).
> >>>
> >>> I can see this going both ways, but I felt like ADMIN at the table
> level
> >>> is more appropriate than requiring the global ADMIN permission.
> >>>
> >>> Thoughts?
> >>>
> >>> - Josh
> >>>
> >>>
> >>
>
--
-- Appy
Re: Flush requires global ADMIN permission on 2.0
Posted by "张铎 (Duo Zhang)" <pa...@gmail.com>.
I think the problem is that, in MasterRpcService.execProcedure, we do not
know the type of the Procedure so it is not possible for us to require
different permissions for them.
Please open an issue for this, maybe we need to push down the permission
check for execProcedure/execProcedureWithRet down to a place where we know
the actual type of the procedure.
Thanks.
2018-03-13 3:52 GMT+08:00 Josh Elser <el...@apache.org>:
> Thanks to Ted for digging down to find HBASE-19400 as the cause of this
> one.
>
> @Appy, curious on whether my initial assessment was correct on how we got
> here. Would like to know if this was a conscious decision on your part for
> flushes :)
>
>
> On 3/12/18 3:29 PM, Mike Drob wrote:
>
>> Table/Namespace/Global Admin sounds fine to me.
>>
>> On Mon, Mar 12, 2018 at 2:21 PM, Josh Elser <el...@apache.org> wrote:
>>
>> Hi,
>>>
>>> In some $dayjob testing, we've noticed that flushing a table requires
>>> ADMIN permission by virtue of submitting the FlushProcedure (not
>>> consciously about the flush operation itself).
>>>
>>> I can see this going both ways, but I felt like ADMIN at the table level
>>> is more appropriate than requiring the global ADMIN permission.
>>>
>>> Thoughts?
>>>
>>> - Josh
>>>
>>>
>>
Re: Flush requires global ADMIN permission on 2.0
Posted by Josh Elser <el...@apache.org>.
Thanks to Ted for digging down to find HBASE-19400 as the cause of this one.
@Appy, curious on whether my initial assessment was correct on how we
got here. Would like to know if this was a conscious decision on your
part for flushes :)
On 3/12/18 3:29 PM, Mike Drob wrote:
> Table/Namespace/Global Admin sounds fine to me.
>
> On Mon, Mar 12, 2018 at 2:21 PM, Josh Elser <el...@apache.org> wrote:
>
>> Hi,
>>
>> In some $dayjob testing, we've noticed that flushing a table requires
>> ADMIN permission by virtue of submitting the FlushProcedure (not
>> consciously about the flush operation itself).
>>
>> I can see this going both ways, but I felt like ADMIN at the table level
>> is more appropriate than requiring the global ADMIN permission.
>>
>> Thoughts?
>>
>> - Josh
>>
>
Re: Flush requires global ADMIN permission on 2.0
Posted by Mike Drob <md...@apache.org>.
Table/Namespace/Global Admin sounds fine to me.
On Mon, Mar 12, 2018 at 2:21 PM, Josh Elser <el...@apache.org> wrote:
> Hi,
>
> In some $dayjob testing, we've noticed that flushing a table requires
> ADMIN permission by virtue of submitting the FlushProcedure (not
> consciously about the flush operation itself).
>
> I can see this going both ways, but I felt like ADMIN at the table level
> is more appropriate than requiring the global ADMIN permission.
>
> Thoughts?
>
> - Josh
>