[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14376793#comment-14376793
]
Andrew Purtell edited comment on HBASE-13275 at 3/23/15 10:34 PM:
------------------------------------------------------------------
I will fix the line lengths.
bq. Disabling authorization also has the side effect of disabling auditing,
except where users invoke the service APIs, like AC grant or revoke, or VC
label add or assignment. I could look at leaving audit enabled but this would
touch a lot more lines of code.
While going back to fix line length issues I will also see about having audit
messages print for all actions even when authorization is disabled. You'll be
able to see the difference by comparing the two patches. Might be acceptable.
was (Author: apurtell):
I will fix the line lengths.
bq. Disabling authorization also has the side effect of disabling auditing,
except where users invoke the service APIs, like AC grant or revoke, or VC
label add or assignment. I could look at leaving audit enabled but this would
touch a lot more lines of code.
While going back to fix line length issues I will also see about leaving audit
in place. You'll be able to see the difference by comparing the two patches.
Might be acceptable.
> Setting hbase.security.authorization to false does not disable authorization
> ----------------------------------------------------------------------------
>
> Key: HBASE-13275
> URL: https://issues.apache.org/jira/browse/HBASE-13275
> Project: HBase
> Issue Type: Bug
> Reporter: William Watson
> Assignee: Andrew Purtell
> Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
>
> Attachments: HBASE-13275.patch
>
>
> According to the docs provided by Cloudera (we're not running Cloudera, BTW),
> this is the list of configs to enable authorization in HBase:
> {code}
> <property>
> <name>hbase.security.authorization</name>
> <value>true</value>
> </property>
> <property>
> <name>hbase.coprocessor.master.classes</name>
> <value>org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> <property>
> <name>hbase.coprocessor.region.classes</name>
>
> <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> {code}
> We wanted to then disable authorization but simply setting
> hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
