[
https://issues.apache.org/jira/browse/HBASE-6104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Purtell updated HBASE-6104:
----------------------------------
Release Note: If access control is active (the AccessController coprocessor
is installed either as a system coprocessor or on a table as a table
coprocessor) and the "hbase.security.exec.permission.checks" configuration
setting is "true", then you must now grant all relevant users EXEC privilege if
they require the ability to execute coprocessor endpoint calls. EXEC privilege,
like any other permission, can be granted globally to a user, or to a user on a
per table or per namespace basis. For more information on coprocessor
endpoints, see the coprocessor section of the HBase online manual. For more
information on granting or revoking permissions using the AccessController, see
the security section of the HBase online manual. (was: If access control is
active (the AccessController coprocessor is installed either as a system
coprocessor or on a table as a table coprocessor) then you must now grant all
relevant users EXEC privilege if they require the ability to execute
coprocessor endpoint calls. EXEC privilege, like any other permission, can be
granted globally to a user, or to a user on a per table or per namespace basis.
For more information on coprocessor endpoints, see the coprocessor section of
the HBase online manual. For more information on granting or revoking
permissions using the AccessController, see the security section of the HBase
online manual.)
> Require EXEC permission to call coprocessor endpoints
> -----------------------------------------------------
>
> Key: HBASE-6104
> URL: https://issues.apache.org/jira/browse/HBASE-6104
> Project: HBase
> Issue Type: New Feature
> Components: Coprocessors, security
> Reporter: Gary Helmling
> Assignee: Andrew Purtell
> Fix For: 0.98.0, 0.99.0
>
> Attachments: 6104-addendum-1.patch, 6104-revert.patch, 6104.patch,
> 6104.patch, 6104.patch, 6104.patch, 6104.patch, 6104.patch, 6104.patch
>
>
> The EXEC action currently exists as only a placeholder in access control. It
> should really be used to enforce access to coprocessor endpoint RPC calls,
> which are currently unrestricted.
> How the ACLs to support this would be modeled deserves some discussion:
> * Should access be scoped to a specific table and CoprocessorProtocol
> extension?
> * Should it be possible to grant access to a CoprocessorProtocol
> implementation globally (regardless of table)?
> * Are per-method restrictions necessary?
> * Should we expose hooks available to endpoint implementors so that they
> could additionally apply their own permission checks? Some CP endpoints may
> want to require READ permissions, others may want to enforce WRITE, or READ +
> WRITE.
> To apply these kinds of checks we would also have to extend the
> RegionObserver interface to provide hooks wrapping HRegion.exec().
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
