You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Alok Lal (JIRA)" <ji...@apache.org> on 2015/06/18 00:20:00 UTC
[jira] [Updated] (RANGER-558) Hbase plugin: unless user has READ
access at some level under the table/family being accessed (via scan/get)
authorizer should throw an exception and audit
[ https://issues.apache.org/jira/browse/RANGER-558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alok Lal updated RANGER-558:
----------------------------
Attachment: 0001-RANGER-558-Hbase-plugin-unless-user-has-READ-access-.patch
Consolidated rebased patch (as of 9d29006)
> Hbase plugin: unless user has READ access at some level under the table/family being accessed (via scan/get) authorizer should throw an exception and audit
> -----------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-558
> URL: https://issues.apache.org/jira/browse/RANGER-558
> Project: Ranger
> Issue Type: Bug
> Affects Versions: 0.5.0
> Reporter: Alok Lal
> Assignee: Alok Lal
> Attachments: 0001-RANGER-558-Hbase-plugin-unless-user-has-READ-access-.patch
>
>
> Authorizer returns 0 rows today if user has some other type of access (say WRITE) to a column under the table being requested. Further, such attempts are not audited as a denial. This behavior is at odds with that of the hbase standard authorizer. Both of these should be fixed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)