[
https://issues.apache.org/jira/browse/HBASE-6104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13860683#comment-13860683
]
Andrew Purtell edited comment on HBASE-6104 at 1/2/14 8:06 PM:
---------------------------------------------------------------
If we introduce a new client API to the effect of "send one RPC to each RS",
then this amounts to a modified coprocessor endpoint execution, but with an
invocation target that is a singleton to each RS, and should be subject to the
same security considerations. Passing an attribute on the first put to a RS
sidesteps the need for EXEC grants on any endpoint invocation target, which is
what sounds like the goal you are after. Remainder of response on HBASE-9291.
was (Author: apurtell):
If we introduce a new client API to the effect of "send one RPC to each RS",
then this amounts to a modified coprocessor endpoint execution, but with an
invocation target that is a singleton to each RS, and should be subject to the
same security considerations. Passing an attribute on the first put to a RS
sidesteps the need for EXEC grants on any endpoint invocation target. Remainder
of response on HBASE-9291.
> Require EXEC permission to call coprocessor endpoints
> -----------------------------------------------------
>
> Key: HBASE-6104
> URL: https://issues.apache.org/jira/browse/HBASE-6104
> Project: HBase
> Issue Type: New Feature
> Components: Coprocessors, security
> Reporter: Gary Helmling
> Assignee: Andrew Purtell
> Fix For: 0.99.0
>
> Attachments: 6104-addendum-1.patch, 6104-revert.patch, 6104.patch,
> 6104.patch, 6104.patch, 6104.patch, 6104.patch, 6104.patch
>
>
> The EXEC action currently exists as only a placeholder in access control. It
> should really be used to enforce access to coprocessor endpoint RPC calls,
> which are currently unrestricted.
> How the ACLs to support this would be modeled deserves some discussion:
> * Should access be scoped to a specific table and CoprocessorProtocol
> extension?
> * Should it be possible to grant access to a CoprocessorProtocol
> implementation globally (regardless of table)?
> * Are per-method restrictions necessary?
> * Should we expose hooks available to endpoint implementors so that they
> could additionally apply their own permission checks? Some CP endpoints may
> want to require READ permissions, others may want to enforce WRITE, or READ +
> WRITE.
> To apply these kinds of checks we would also have to extend the
> RegionObserver interface to provide hooks wrapping HRegion.exec().
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
