[jira] [Comment Edited] (HBASE-6104) Require EXEC permission to call coprocessor endpoints

Mon, 06 Jan 2014 13:56:36 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-6104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13863475#comment-13863475
 ] 

Andrew Purtell edited comment on HBASE-6104 at 1/6/14 9:55 PM:
---------------------------------------------------------------

bq. Before I commit this to trunk (and maybe to 0.98... I am tempted ... other 
security features have been bundled into it)

I am going to bring this into 0.98, but one more rev of the patch first: Let's 
make enforcement of EXEC privilege optional and disabled by default for 0.98, 
then on unconditionally in a later release. Thanks to [[email protected]] for 
the suggestion.


was (Author: apurtell):
bq. Before I commit this to trunk (and maybe to 0.98... I am tempted ... other 
security features have been bundled into it)

I am going to bring this into 0.98, but one more rev of the patch first: Let's 
make enforcement of EXEC privilege optional and disabled by default for 0.98, 
then on unconditionally in a later release.

> Require EXEC permission to call coprocessor endpoints
> -----------------------------------------------------
>
>                 Key: HBASE-6104
>                 URL: https://issues.apache.org/jira/browse/HBASE-6104
>             Project: HBase
>          Issue Type: New Feature
>          Components: Coprocessors, security
>            Reporter: Gary Helmling
>            Assignee: Andrew Purtell
>             Fix For: 0.98.0, 0.99.0
>
>         Attachments: 6104-addendum-1.patch, 6104-revert.patch, 6104.patch, 
> 6104.patch, 6104.patch, 6104.patch, 6104.patch, 6104.patch
>
>
> The EXEC action currently exists as only a placeholder in access control.  It 
> should really be used to enforce access to coprocessor endpoint RPC calls, 
> which are currently unrestricted.
> How the ACLs to support this would be modeled deserves some discussion:
> * Should access be scoped to a specific table and CoprocessorProtocol 
> extension?
> * Should it be possible to grant access to a CoprocessorProtocol 
> implementation globally (regardless of table)?
> * Are per-method restrictions necessary?
> * Should we expose hooks available to endpoint implementors so that they 
> could additionally apply their own permission checks? Some CP endpoints may 
> want to require READ permissions, others may want to enforce WRITE, or READ + 
> WRITE.
> To apply these kinds of checks we would also have to extend the 
> RegionObserver interface to provide hooks wrapping HRegion.exec().



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to