[jira] [Commented] (HBASE-6104) Require EXEC permission to call coprocessor endpoints

Thu, 02 Jan 2014 10:24:27 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-6104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13860505#comment-13860505
 ] 

Andrew Purtell commented on HBASE-6104:
---------------------------------------

Thanks for the feedback [~giacomotaylor]. Yes, EXEC privilege affects only the 
invocation of endpoints. The essential change is if a user is not granted EXEC 
permission then the invocation will be rejected. 

Regarding your point #2, what prevents your observer from taking the data in an 
attribute of the first mutation presented and applying it on a regionserver 
level? Whether your observer does something locally on the region or globally 
on the regionserver in response to an attribute is up to you. LarsH put in 
state sharing for region observers in HBASE-6505. 

> Require EXEC permission to call coprocessor endpoints
> -----------------------------------------------------
>
>                 Key: HBASE-6104
>                 URL: https://issues.apache.org/jira/browse/HBASE-6104
>             Project: HBase
>          Issue Type: New Feature
>          Components: Coprocessors, security
>            Reporter: Gary Helmling
>            Assignee: Andrew Purtell
>             Fix For: 0.99.0
>
>         Attachments: 6104-addendum-1.patch, 6104-revert.patch, 6104.patch, 
> 6104.patch, 6104.patch, 6104.patch, 6104.patch, 6104.patch
>
>
> The EXEC action currently exists as only a placeholder in access control.  It 
> should really be used to enforce access to coprocessor endpoint RPC calls, 
> which are currently unrestricted.
> How the ACLs to support this would be modeled deserves some discussion:
> * Should access be scoped to a specific table and CoprocessorProtocol 
> extension?
> * Should it be possible to grant access to a CoprocessorProtocol 
> implementation globally (regardless of table)?
> * Are per-method restrictions necessary?
> * Should we expose hooks available to endpoint implementors so that they 
> could additionally apply their own permission checks? Some CP endpoints may 
> want to require READ permissions, others may want to enforce WRITE, or READ + 
> WRITE.
> To apply these kinds of checks we would also have to extend the 
> RegionObserver interface to provide hooks wrapping HRegion.exec().



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to