meiwen li created HBASE-15483:
---------------------------------

             Summary: After disabling Authorization, user should not be allowed 
to modify ACL record 
                 Key: HBASE-15483
                 URL: https://issues.apache.org/jira/browse/HBASE-15483
             Project: HBase
          Issue Type: Bug
          Components: security
            Reporter: meiwen li


After setting hbase.security.authorization to false, HBase does NOT do an 
authorization check for any operation by any user. Thus any user, including a 
read-only user, has the authority to grant <user> <any permission>. The change to 
the ACL record persists and will take effect the next time authorization is enabled. 

The consequence is: 
A read-only user can change an admin user into a "readonly" user after a round 
of "disable authorization" and "enable authorization". 
Also, 
a read-only user can change a "readonly" user into an admin after such a 
disable/enable round. 

It is expected that, 
after authorization is disabled, the authorization-related file, the ACL 
record, should not be open to users and should not be changeable. Otherwise, after 
authorization is next enabled, the changed ACL takes effect and users get 
unexpected authority. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
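An operational check for the window this ticket describes, added here as an example; it is not part of HBASE-15483 or of HBase itself. The idea is to snapshot the ACL table (`hbase:acl`, where the row key is a table name or `@namespace`, the family is `l`, the qualifier is the grantee, and the value is the action string such as `RWXCA`) before authorization is disabled and diff it against a second snapshot taken when authorization is re-enabled, so any grant made while checks were off is visible before it takes effect. The script assumes both snapshots are the text printed by the HBase shell command `scan 'hbase:acl'` with one cell per line of the form shown in `ACL_LINE`; the two snapshots embedded below are constructed, not captured from a real cluster. Because the table is writable while authorization is off, keep the "before" snapshot somewhere the cluster users cannot edit.

```python
"""Diff two `scan 'hbase:acl'` snapshots to catch ACL changes made while
hbase.security.authorization was false.

Added example, not HBase project code. Assumed shell output format per cell:
    <table or @namespace>   column=l:<user or @group>, timestamp=<ts>, value=<actions>
Adjust ACL_LINE if your shell version prints cells differently.
"""
import re

# One cell line of `scan 'hbase:acl'` output (format assumed, see docstring).
# The timestamp is accepted as any non-comma text so both epoch-millis and
# date-formatted shells parse.
ACL_LINE = re.compile(
    r"^\s*(?P<row>\S+)\s+column=l:(?P<grantee>[^,]+),\s*timestamp=[^,]+,"
    r"\s*value=(?P<actions>[A-Z]*)\s*$"
)


def parse_acl_scan(text):
    """Return {(row, grantee): set(actions)} parsed from shell scan output."""
    acl = {}
    for line in text.splitlines():
        m = ACL_LINE.match(line)
        if not m:
            continue  # header line, blank line, or the "N row(s)" summary
        acl[(m.group("row"), m.group("grantee"))] = set(m.group("actions"))
    return acl


def diff_acl(before, after):
    """Return (added, removed, changed) between two parsed snapshots.

    added:   {(row, grantee): actions} present only in `after`
    removed: {(row, grantee): actions} present only in `before`
    changed: {(row, grantee): (old_actions, new_actions)} present in both
    """
    added = {k: v for k, v in after.items() if k not in before}
    removed = {k: v for k, v in before.items() if k not in after}
    changed = {k: (before[k], after[k])
               for k in before if k in after and before[k] != after[k]}
    return added, removed, changed


def audit_findings(before_text, after_text):
    """Human-readable list of ACL changes; an empty list means no change."""
    added, removed, changed = diff_acl(parse_acl_scan(before_text),
                                       parse_acl_scan(after_text))
    findings = []
    for (row, who), acts in sorted(added.items()):
        findings.append(f"ADDED   {row} {who}: {''.join(sorted(acts))}")
    for (row, who), acts in sorted(removed.items()):
        findings.append(f"REMOVED {row} {who}: {''.join(sorted(acts))}")
    for (row, who), (old, new) in sorted(changed.items()):
        findings.append(f"CHANGED {row} {who}: "
                        f"{''.join(sorted(old))} -> {''.join(sorted(new))}")
    return findings


# Constructed sample snapshots (not real cluster output). BEFORE is taken
# with authorization on; AFTER is taken after a disable/enable round during
# which the read-only user "reader" demoted admin, promoted herself and
# granted a group.
BEFORE = """\
ROW                COLUMN+CELL
 hbase:acl         column=l:admin, timestamp=1458000000000, value=RWXCA
 orders            column=l:admin, timestamp=1458000000001, value=RWXCA
 orders            column=l:reader, timestamp=1458000000002, value=R
2 row(s) in 0.0200 seconds
"""
AFTER = """\
ROW                COLUMN+CELL
 hbase:acl         column=l:admin, timestamp=1458000000000, value=RWXCA
 orders            column=l:admin, timestamp=1458100000000, value=R
 orders            column=l:reader, timestamp=1458100000001, value=RWXCA
 orders            column=l:@analysts, timestamp=1458100000002, value=RX
2 row(s) in 0.0200 seconds
"""

if __name__ == "__main__":
    for finding in audit_findings(BEFORE, AFTER):
        print(finding)
```

Run against the constructed snapshots it reports one added grant (`@analysts` on `orders`) and two changed ones (`admin` reduced to `R`, `reader` raised to `RWXCA`); in practice the "after" snapshot should be taken before clients can act on the re-enabled ACL, and any unexpected finding reverted with `revoke`/`grant` by a real admin.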