[
https://issues.apache.org/jira/browse/HBASE-8692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13694869#comment-13694869
]
stack commented on HBASE-8692:
------------------------------
This looks to have broke TestAccessController. See
http://54.241.6.143/job/HBase-0.95-Hadoop-2/org.apache.hbase$hbase-server/508/testReport/org.apache.hadoop.hbase.security.access/TestAccessController/testBulkLoad/
I added debug to the exception:
Expected action to pass for user 'rwuser' but was denied:
org.apache.hadoop.hbase.exceptions.AccessDeniedException: org.apache.hadoop.hbase.exceptions.AccessDeniedException: Insufficient permissions (user=rwuser, scope=testBulkLoad, family=, action=CREATE)
    at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:351)
    at org.apache.hadoop.hbase.security.access.AccessController.preGetTableDescriptors(AccessController.java:1391)
    at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetTableDescriptors(MasterCoprocessorHost.java:1125)
    at org.apache.hadoop.hbase.master.HMaster.getTableDescriptors(HMaster.java:2418)
    at org.apache.hadoop.hbase.protobuf.generated.MasterMonitorProtos$MasterMonitorService$2.callBlockingMethod(MasterMonitorProtos.java:2702)
    at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2122)
    at org.apache.hadoop.hbase.ipc.RpcServer$Handler.run(RpcServer.java:1829)
The rwuser does not have the now required CREATE permission.
The testBulkLoad has been failing solidly for a while now. I'll disable it for
the moment till this is addressed over in HBASE-8799.
> [AccessController] Restrict HTableDescriptor enumeration
> --------------------------------------------------------
>
> Key: HBASE-8692
> URL: https://issues.apache.org/jira/browse/HBASE-8692
> Project: HBase
> Issue Type: Improvement
> Components: Coprocessors, security
> Affects Versions: 0.98.0, 0.95.1, 0.94.9
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
> Fix For: 0.98.0, 0.95.2, 0.94.9
>
> Attachments: 8692-0.94.patch, 8692-0.94.patch, 8692-0.94.patch,
> 8692-0.94.patch, 8692.patch, 8692.patch, 8692.patch, 8692.patch
>
>
> Some users are concerned about having table schema exposed to every user and
> would like it protected, similar to the rest of the admin operations for
> schema.
> This used to be hopeless because META would leak HTableDescriptors in
> HRegionInfo, but that is no longer the case in 0.94+.
> Consider adding CP hooks in the master for intercepting
> HMasterInterface#getHTableDescriptors and
> HMasterInterface#getHTableDescriptors(List<String>). Add support in the
> AccessController for only allowing GLOBAL ADMIN to the first method. Add
> support in the AccessController for allowing access to the descriptors for
> the table names in the list of the second method only if the user has TABLE
> ADMIN privilege for all of the listed table names.
> Then, fix the code in HBaseAdmin (and elsewhere) that expects to be able to
> enumerate all table descriptors e.g. in deleteTable. A TABLE ADMIN can delete
> a table but won’t have GLOBAL ADMIN privilege to enumerate the total list. So
> a minor fixup is needed here, and in other places like this which make the
> same assumption.
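The authorization rule sketched in the issue description, as an added illustration in Python rather than HBase's own Java coprocessor code: `Action`, `Grants`, `DescriptorAuthorizer`, `attempt`, `build_sample` and the sample users and tables are constructed for this example and are not HBase APIs. It models the two proposed checks (GLOBAL ADMIN to enumerate every descriptor, TABLE ADMIN on each name in the list variant), the deleteTable fixup that fetches a single descriptor instead of enumerating all, and the bulk-load regression from the comment above, where a hook that requires CREATE denies a user holding only READ and WRITE on the table.

```python
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    READ = "READ"
    WRITE = "WRITE"
    CREATE = "CREATE"
    ADMIN = "ADMIN"


class AccessDeniedError(Exception):
    """Stands in for org.apache.hadoop.hbase.exceptions.AccessDeniedException."""


@dataclass
class Grants:
    """Constructed per-user grant set: global actions plus per-table actions."""
    global_actions: set = field(default_factory=set)
    table_actions: dict = field(default_factory=dict)  # table name -> set of Action

    def has(self, action, table=None):
        # A global grant satisfies any scope; a table grant only covers its own table.
        if action in self.global_actions:
            return True
        return table is not None and action in self.table_actions.get(table, set())


class DescriptorAuthorizer:
    """Hypothetical model of the master-side checks proposed in the issue."""

    def __init__(self, grants_by_user, catalog):
        self.grants = grants_by_user   # user -> Grants
        self.catalog = catalog         # table name -> descriptor (constructed dicts)

    def _require(self, user, action, table=None):
        if not self.grants.get(user, Grants()).has(action, table):
            scope = table if table is not None else "GLOBAL"
            raise AccessDeniedError(
                f"Insufficient permissions (user={user}, scope={scope}, action={action.value})")

    def get_all_descriptors(self, user):
        # Proposed rule for getHTableDescriptors(): only GLOBAL ADMIN may enumerate everything.
        self._require(user, Action.ADMIN)
        return dict(self.catalog)

    def get_descriptors(self, user, names, required=Action.ADMIN):
        # Proposed rule for getHTableDescriptors(List<String>): the caller needs the
        # required action (TABLE ADMIN in the proposal) on every listed table, not just one.
        # `required` is a parameter here so the CREATE-requiring hook from the comment
        # above can be modelled against the same grant table.
        for name in names:
            self._require(user, required, name)
        return {n: self.catalog[n] for n in names if n in self.catalog}

    def delete_table(self, user, name):
        # Fixup described in the issue: deleteTable fetches only the descriptor it needs,
        # so a TABLE ADMIN can delete without the GLOBAL ADMIN right that enumeration needs.
        desc = self.get_descriptors(user, [name]).get(name)
        if desc is None:
            raise KeyError(name)
        del self.catalog[name]
        return desc


def attempt(fn, *args, **kwargs):
    """Return None on success or the denial message, so outcomes compare as plain values."""
    try:
        fn(*args, **kwargs)
        return None
    except AccessDeniedError as e:
        return str(e)


def build_sample():
    """Constructed users and tables; not taken from the HBase test suite."""
    catalog = {"t1": {"families": ["f"]}, "t2": {"families": ["f"]},
               "testBulkLoad": {"families": ["f"]}}
    grants = {
        "globaladmin": Grants(global_actions={Action.ADMIN}),
        "t1owner": Grants(table_actions={"t1": {Action.ADMIN}}),
        "rwuser": Grants(table_actions={"testBulkLoad": {Action.READ, Action.WRITE}}),
    }
    return DescriptorAuthorizer(grants, catalog)


if __name__ == "__main__":
    az = build_sample()
    print(sorted(az.get_all_descriptors("globaladmin")))
    print(attempt(az.get_all_descriptors, "t1owner"))
    # Regression from the comment: rwuser (READ+WRITE only) is denied when CREATE is required.
    print(attempt(az.get_descriptors, "rwuser", ["testBulkLoad"], required=Action.CREATE))
```

The `required` parameter makes the failure mode visible as data: the same `rwuser` grant that passes a READ-scoped check is denied by a CREATE-scoped one, which is the kind of case a test over non-admin workflows such as bulk load should cover before a descriptor hook is tightened.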