[jira] [Comment Edited] (HBASE-6104) Require EXEC permission to call coprocessor endpoints

Fri, 20 Dec 2013 14:26:28 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-6104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13854606#comment-13854606
 ] 

Andrew Purtell edited comment on HBASE-6104 at 12/20/13 10:24 PM:
------------------------------------------------------------------

bq. For the sake of simplicity, I suggest considering an EXEC permission per CF.

Simplifying this even further, why not just a test for if the user has EXEC 
permission on the table. Attached is a patch to trunk which does that. Now, the 
question is how many unit tests does this break. Working on that now.

Edit: I did design the new regionobserver hooks (endpoints are managed by 
hregion) so that further discrimination by service and even by method is 
possible.


was (Author: apurtell):
bq. For the sake of simplicity, I suggest considering an EXEC permission per CF.

Simplifying this even further, why not just a test for if the user has EXEC 
permission on the table. Attached is a patch to trunk which does that. Now, the 
question is how many unit tests does this break. Working on that now.

> Require EXEC permission to call coprocessor endpoints
> -----------------------------------------------------
>
>                 Key: HBASE-6104
>                 URL: https://issues.apache.org/jira/browse/HBASE-6104
>             Project: HBase
>          Issue Type: Sub-task
>          Components: Coprocessors, security
>    Affects Versions: 0.95.2
>            Reporter: Gary Helmling
>            Assignee: Andrew Purtell
>             Fix For: 0.98.0
>
>         Attachments: 6104.patch
>
>
> The EXEC action currently exists as only a placeholder in access control.  It 
> should really be used to enforce access to coprocessor endpoint RPC calls, 
> which are currently unrestricted.
> How the ACLs to support this would be modeled deserves some discussion:
> * Should access be scoped to a specific table and CoprocessorProtocol 
> extension?
> * Should it be possible to grant access to a CoprocessorProtocol 
> implementation globally (regardless of table)?
> * Are per-method restrictions necessary?
> * Should we expose hooks available to endpoint implementors so that they 
> could additionally apply their own permission checks? Some CP endpoints may 
> want to require READ permissions, others may want to enforce WRITE, or READ + 
> WRITE.
> To apply these kinds of checks we would also have to extend the 
> RegionObserver interface to provide hooks wrapping HRegion.exec().



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Reply via email to