[jira] [Comment Edited] (HBASE-6104) Require EXEC permission to call coprocessor endpoints

Fri, 20 Dec 2013 17:01:44 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-6104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13854714#comment-13854714
 ] 

Gary Helmling edited comment on HBASE-6104 at 12/21/13 12:58 AM:
-----------------------------------------------------------------

Sorry my example wasn't very clear.  I meant the "\*" to represent the 
username, so effectively doing a default allow to all users.  Don't think we 
support this yet?  Certain combinations would still be problematic -- if I 
grant to "\*" users, then try to revoke for a single user is that allowed or 
does it error out?


was (Author: ghelmling):
Sorry my example wasn't very clear.  I meant the "*" to represent the username, 
so effectively doing a default allow to all users.  Don't think we support this 
yet?  Certain combinations would still be problematic -- if I grant to "*" 
users, then try to revoke for a single user is that allowed or does it error 
out?

> Require EXEC permission to call coprocessor endpoints
> -----------------------------------------------------
>
>                 Key: HBASE-6104
>                 URL: https://issues.apache.org/jira/browse/HBASE-6104
>             Project: HBase
>          Issue Type: Sub-task
>          Components: Coprocessors, security
>    Affects Versions: 0.95.2
>            Reporter: Gary Helmling
>            Assignee: Andrew Purtell
>             Fix For: 0.98.0
>
>         Attachments: 6104.patch
>
>
> The EXEC action currently exists as only a placeholder in access control.  It 
> should really be used to enforce access to coprocessor endpoint RPC calls, 
> which are currently unrestricted.
> How the ACLs to support this would be modeled deserves some discussion:
> * Should access be scoped to a specific table and CoprocessorProtocol 
> extension?
> * Should it be possible to grant access to a CoprocessorProtocol 
> implementation globally (regardless of table)?
> * Are per-method restrictions necessary?
> * Should we expose hooks available to endpoint implementors so that they 
> could additionally apply their own permission checks? Some CP endpoints may 
> want to require READ permissions, others may want to enforce WRITE, or READ + 
> WRITE.
> To apply these kinds of checks we would also have to extend the 
> RegionObserver interface to provide hooks wrapping HRegion.exec().



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Reply via email to