[ https://issues.apache.org/jira/browse/HBASE-17115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Josh Elser resolved HBASE-17115.
--------------------------------
Hadoop Flags: Reviewed
Release Note:
Implements authorization for the HBase Web UI by limiting access to certain
endpoints which could be used to extract sensitive information from HBase.
Access to these restricted endpoints can be limited to a group of
administrators, identified either by a list of users
(hbase.security.authentication.spnego.admin.users) or by a list of groups
(hbase.security.authentication.spnego.admin.groups). By default, neither of
these values is set, which will preserve backwards compatibility (allowing all
authenticated users to access all endpoints).
Further, users who have sensitive information in the HBase service
configuration can set hbase.security.authentication.ui.config.protected to true
which will treat the configuration endpoint as a protected, admin-only
resource. By default, all authenticated users may access the configuration
endpoint.
Resolution: Fixed
PreCommit on 1.x looks like it's busted. Resolving this for now and will
revisit a 1.x backport when I can figure out what's going on with precommit.
> HMaster/HRegion Info Server does not honour admin.acl
> -----------------------------------------------------
>
> Key: HBASE-17115
> URL: https://issues.apache.org/jira/browse/HBASE-17115
> Project: HBase
> Issue Type: Bug
> Reporter: Mohammad Arshad
> Assignee: Josh Elser
> Priority: Major
> Fix For: 3.0.0, 2.3.0, 2.2.3, 2.1.9
>
>
> Currently there is no way to enable protected URLs like /jmx, /conf only
> for admins. This is applicable for both Master and RegionServer.
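An audit check for the three properties named in the release note above, added here as an example; it is not code from the HBase project or from the issue. It assumes the settings live in a Hadoop-style `hbase-site.xml` and that the user and group lists are comma-separated; the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ADMIN_USERS = "hbase.security.authentication.spnego.admin.users"
ADMIN_GROUPS = "hbase.security.authentication.spnego.admin.groups"
CONF_PROTECTED = "hbase.security.authentication.ui.config.protected"

# Constructed sample hbase-site.xml contents (not taken from a real cluster).
SAMPLE_DEFAULTS = """<configuration>
  <property><name>hbase.rootdir</name><value>hdfs://nn.example/hbase</value></property>
</configuration>"""

SAMPLE_RESTRICTED = """<configuration>
  <property><name>hbase.security.authentication.spnego.admin.groups</name><value>hbase-admins</value></property>
  <property><name>hbase.security.authentication.ui.config.protected</name><value>true</value></property>
</configuration>"""


def load_props(xml_text):
    """Parse Hadoop-style <configuration> XML into a {name: value} dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit_ui_authz(xml_text):
    """Return findings for the Web UI authorization settings in the release note."""
    props = load_props(xml_text)

    def entries(key):
        # Assumption: list values are comma-separated, as is usual for Hadoop configs.
        return [v.strip() for v in props.get(key, "").split(",") if v.strip()]

    admins_defined = bool(entries(ADMIN_USERS) or entries(ADMIN_GROUPS))
    conf_protected = props.get(CONF_PROTECTED, "false").lower() == "true"
    findings = []
    if not admins_defined:
        findings.append("no admin users or groups set: all authenticated users can reach all endpoints")
    if not conf_protected:
        findings.append("configuration endpoint is readable by all authenticated users")
    if conf_protected and not admins_defined:
        findings.append("configuration endpoint marked protected but no admin list is defined; review")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("defaults", SAMPLE_DEFAULTS), ("restricted", SAMPLE_RESTRICTED)):
        print(label, audit_ui_authz(xml_text) or "ok")
```

The third finding only flags the combination for review; the release note does not say how a protected configuration endpoint behaves when no admin list is set.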