[ https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14384229#comment-14384229 ]

Andrew Purtell edited comment on HBASE-13275 at 3/27/15 5:50 PM:
-----------------------------------------------------------------

bq. So what will be the real adv if we allow the admin ops in passive mode? Am 
I missing anything?

I personally wouldn't install the security coprocessors if I didn't want them 
active, because of the performance hit, but stepped back and considered if 
there's any use for it. Certainly you can imagine "try before you buy" pilots, 
where ACLs are put in place and there are reviews of the audit logs to 
determine if policy is working as expected, yet never any unexpected 
application outage from incorrect policy.

Turn this question around. What if we just disabled everything with 
'hbase.security.authorization'=false, even audit logging and the ability to set 
up test grants. Then the coprocessor is just dead weight. At least here there 
is the possibility of some usefulness. 

Either disabling _everything_ or the "passive mode" I suggest will meet the 
objective of this issue, which is 'setting hbase.security.authorization to false 
does not disable authorization'; we will fix that so setting 
hbase.security.authorization to false does disable authorization. Why not do 
the option which also may provide users some utility? 

If you are still not swayed by this argument, I don't care that much, we can 
just disable everything.

bq. Right now anyway we don't allow passing Tags from client to server (Unless 
user is a super user)

I pass cell TTLs through in KeyValues in some HRegion tests, but I see I'm 
using the region object directly, so was confused about this. But all that 
prevents this is the codec implementation, right? 



> Setting hbase.security.authorization to false does not disable authorization
> ----------------------------------------------------------------------------
>
>                 Key: HBASE-13275
>                 URL: https://issues.apache.org/jira/browse/HBASE-13275
>             Project: HBase
>          Issue Type: Bug
>            Reporter: William Watson
>            Assignee: Andrew Purtell
>             Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
>
>         Attachments: HBASE-13275.patch, HBASE-13275.patch
>
>
> According to the docs provided by Cloudera (we're not running Cloudera, BTW), 
> this is the list of configs to enable authorization in HBase:
> {code}
> <property>
>      <name>hbase.security.authorization</name>
>      <value>true</value>
> </property>
> <property>
>      <name>hbase.coprocessor.master.classes</name>
>      <value>org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> <property>
>      <name>hbase.coprocessor.region.classes</name>
>      <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> {code}
> We wanted to then disable authorization but simply setting 
> hbase.security.authorization to false did not disable the authorization


