Andrew Purtell created HBASE-8692:
-------------------------------------
Summary: [AccessController] Restrict HTableDescriptor enumeration
Key: HBASE-8692
URL: https://issues.apache.org/jira/browse/HBASE-8692
Project: HBase
Issue Type: Improvement
Affects Versions: 0.98.0, 0.95.1, 0.94.9
Reporter: Andrew Purtell
Assignee: Andrew Purtell
Some users are concerned about having table schema exposed to every user and
would like it protected, similar to the rest of the admin operations for
schema.
This used to be hopeless because META would leak HTableDescriptors in
HRegionInfo, but that is no longer the case in 0.94+.
Consider adding CP hooks in the master for intercepting
HMasterInterface#getHTableDescriptors and
HMasterInterface#getHTableDescriptors(List<String>). Add support in the
AccessController for only allowing GLOBAL ADMIN to the first method. Add
support in the AccessController for allowing access to the descriptors for the
table names in the list of the second method only if the user has TABLE ADMIN
privilege for all of the listed table names.
Then, fix the code in HBaseAdmin (and elsewhere) that expects to be able to
enumerate all table descriptors e.g. in deleteTable. A TABLE ADMIN can delete a
table but won’t have GLOBAL ADMIN privilege to enumerate the total list. So a
minor fixup is needed here, and in other places like this which make the same
assumption.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
