[
https://issues.apache.org/jira/browse/HBASE-6104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13855469#comment-13855469
]
Andrew Purtell edited comment on HBASE-6104 at 12/23/13 7:36 AM:
-----------------------------------------------------------------
bq. So this breaks the compatibility for endpoints when Security is in place.
See the release note on this issue. Is it sufficient? We are not changing APIs,
but yes if the AccessController is active than, for example, granting a user
the ability to do a secure bulk load will require granting EXEC privilege as
well as the others, because that is a coprocessor endpoint based service.
Now that I'm thinking about it, let me add a unit test that insures EXEC if
granted to a user for an entire namespace works as expected.
was (Author: apurtell):
bq. So this breaks the compatibility for endpoints when Security is in place.
See the release note on this issue. Is it sufficient? We are not changing APIs,
but yes if the AccessController is active than, for example, granting a user
the ability to do a secure bulk load will require granting EXEC privilege as
well as the others, because that is a coprocessor endpoint based service.
Now that I'm thinking about it, let me add a unit test that insures EXEC if
granted to an entire namespace works as expected.
> Require EXEC permission to call coprocessor endpoints
> -----------------------------------------------------
>
> Key: HBASE-6104
> URL: https://issues.apache.org/jira/browse/HBASE-6104
> Project: HBase
> Issue Type: Sub-task
> Components: Coprocessors, security
> Reporter: Gary Helmling
> Assignee: Andrew Purtell
> Fix For: 0.98.0, 0.99.0
>
> Attachments: 6104.patch, 6104.patch, 6104.patch, 6104.patch
>
>
> The EXEC action currently exists as only a placeholder in access control. It
> should really be used to enforce access to coprocessor endpoint RPC calls,
> which are currently unrestricted.
> How the ACLs to support this would be modeled deserves some discussion:
> * Should access be scoped to a specific table and CoprocessorProtocol
> extension?
> * Should it be possible to grant access to a CoprocessorProtocol
> implementation globally (regardless of table)?
> * Are per-method restrictions necessary?
> * Should we expose hooks available to endpoint implementors so that they
> could additionally apply their own permission checks? Some CP endpoints may
> want to require READ permissions, others may want to enforce WRITE, or READ +
> WRITE.
> To apply these kinds of checks we would also have to extend the
> RegionObserver interface to provide hooks wrapping HRegion.exec().
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
