[
https://issues.apache.org/jira/browse/HBASE-12644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14237069#comment-14237069
]
Jerry He commented on HBASE-12644:
----------------------------------
Hi, [~anoop.hbase]
Let me step back a little.
Currently we can actually use 'clear_auths' to remove a super user's 'system'
auth.
For example,
{code}
clear_auths 'superuser1', 'system'
{code}
Similarly, we can use 'set_auths' to grant 'system' auth.
But the concept of super users should probably means 'automatic' privilege
without explicit 'set' or 'clear'.
Since we use a hbase-site.xml property to determine super users at startup
time,
presence or absence in the property will determine the privilege without a need
of any explicit action.
The proposed approach is to let super users (their auths) only stay in cache,
not persist them.
Otherwise we will have complexity to maintain consistency with the property
value in case it changes.
Looking over the AccessController class, I think it is done this way.
After doing some testing, I realize the patch seems not enough. The super user
auths are also persisted in ZK node together with the other auths.
I should change that as well.
What do you think?
> Visibility Labels: issue with storing super users in labels table
> -----------------------------------------------------------------
>
> Key: HBASE-12644
> URL: https://issues.apache.org/jira/browse/HBASE-12644
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 0.98.8, 0.99.2
> Reporter: Jerry He
> Assignee: Jerry He
> Fix For: 1.0.0, 0.98.9
>
> Attachments: HBASE-12644-master.patch
>
>
> Super users have all the permissions for ACL and Visibility labels.
> They are defined in hbase-site.xml.
> Currently in VisibilityController, we persist super user with their system
> permission in hbase:labels.
> This makes change in super user difficult.
> There are two issues:
> In the current DefaultVisibilityLabelServiceImpl.addSystemLabel, we only add
> super user when we initially create the 'system' label.
> No additional update after that even if super user changed. See code for
> details.
>
> Additionally, there is no mechanism to remove any super user from the labels
> table.
>
> We probably should not persist super users in the labels table.
> They are in hbase-site.xml and can just stay in labelsCache and used from
> labelsCache after retrieval by Visibility Controller.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
