Jerry He created HBASE-12644:
--------------------------------
Summary: Visibility Labels: issue with storing super users in
labels table
Key: HBASE-12644
URL: https://issues.apache.org/jira/browse/HBASE-12644
Project: HBase
Issue Type: Bug
Components: security
Affects Versions: 0.99.2, 0.98.8
Reporter: Jerry He
Fix For: 1.0.0, 0.98.9
Super users have all the permissions for ACL and Visibility labels.
They are defined in hbase-site.xml.
Currently in VisibilityController, we persist super user with their system
permission in hbase:labels.
This make change in super user difficult.
There are two issues:
In the current DefaultVisibilityLabelServiceImpl.addSystemLabel, we only add
super user when we initially create the 'system' label.
No additional update after that even if super user changed. See code for
details.
Additionally, there is no mechanism to remove any super user from the labels
table.
We probably should not persist super users in the labels table.
They are in hbase-site.xml and can just stay in labelsCache and used from
labelsCache after retrieval by Visibility Controller.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
