[
https://issues.apache.org/jira/browse/HBASE-13336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14381211#comment-14381211
]
Andrew Purtell commented on HBASE-13336:
----------------------------------------
The rules, in my opinion, should be:
- Allow adding columns, but only if superuser
- Allow modifying column or table descriptor attributes, but only if superuser
- Unconditionally disallow column and table drops. If the superuser is asking,
log a WARN indicating the coprocessors must be removed from config first.
- Unconditionally disallow table disable. If the superuser is asking, log a
WARN indicating the coprocessors must be removed from config first.
- Allow enable (a no-op hopefully) and other admin requests (flush, compaction,
region move), only if the user has ADMIN privilege (AC) or if superuser (VC)
> Consistent rules for security meta table protections
> ----------------------------------------------------
>
> Key: HBASE-13336
> URL: https://issues.apache.org/jira/browse/HBASE-13336
> Project: HBase
> Issue Type: Improvement
> Reporter: Andrew Purtell
>
> The AccessController and VisibilityController do different things regarding
> protecting their meta tables. The AC allows schema changes and disable/enable
> if the user has permission. The VC unconditionally disallows all admin
> actions. Generally, bad things will happen if these meta tables are damaged,
> disabled, or dropped. The likely outcome is random frequent (or constant)
> server side op failures with nasty stack traces. We should have consistent
> and sensible rules for protecting security meta tables.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
