[jira] [Updated] (HBASE-13336) Consistent rules for security meta table protections

Wed, 25 Mar 2015 18:58:50 -0700 

     [ 
https://issues.apache.org/jira/browse/HBASE-13336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrew Purtell updated HBASE-13336:
-----------------------------------
    Description: The AccessController and VisibilityController do different 
things regarding protecting their meta tables. The AC allows schema changes and 
disable/enable if the user has permission. The VC unconditionally disallows all 
admin actions. Generally, bad things will happen if these meta tables are 
damaged, disabled, or dropped. The likely outcome is random frequent (or 
constant) server side op failures with nasty stack traces. On the other hand 
some things like column family and table attribute changes can have valid use 
cases. We should have consistent and sensible rules for protecting security 
meta tables.  (was: The AccessController and VisibilityController do different 
things regarding protecting their meta tables. The AC allows schema changes and 
disable/enable if the user has permission. The VC unconditionally disallows all 
admin actions. Generally, bad things will happen if these meta tables are 
damaged, disabled, or dropped. The likely outcome is random frequent (or 
constant) server side op failures with nasty stack traces. We should have 
consistent and sensible rules for protecting security meta tables.)

> Consistent rules for security meta table protections
> ----------------------------------------------------
>
>                 Key: HBASE-13336
>                 URL: https://issues.apache.org/jira/browse/HBASE-13336
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>
> The AccessController and VisibilityController do different things regarding 
> protecting their meta tables. The AC allows schema changes and disable/enable 
> if the user has permission. The VC unconditionally disallows all admin 
> actions. Generally, bad things will happen if these meta tables are damaged, 
> disabled, or dropped. The likely outcome is random frequent (or constant) 
> server side op failures with nasty stack traces. On the other hand some 
> things like column family and table attribute changes can have valid use 
> cases. We should have consistent and sensible rules for protecting security 
> meta tables.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to