[
https://issues.apache.org/jira/browse/HBASE-13769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14559799#comment-14559799
]
Enis Soztutar commented on HBASE-13769:
---------------------------------------
The patch at HBASE-13768 does not change the perms for rs/, table/ and
region-in-transition, only the /table-lock.
We should do these case-by-case:
- table/ : I think this is needed to be world readable since clients check the
table status in locate region in Connection (to check if table is disabled)
- rs/ : ZooKeeperRegistry uses it. And my understanding is that
ConnectionImpl.getCurrentNrHRS() uses it. Seems like this should instead work
over getClusterStatus() instead of this.
- backup-masters/ : I could not find why this is needed to be
client-visible.
- region-in-transition/ : I could not find why this is needed to be
client-visible.
> Some ZK ACLs are unnecessarily permissive
> -----------------------------------------
>
> Key: HBASE-13769
> URL: https://issues.apache.org/jira/browse/HBASE-13769
> Project: HBase
> Issue Type: Bug
> Reporter: Andrew Purtell
> Priority: Critical
>
> Some ZK ACLs are unnecessarily permissive. We can remove permissions for
> 'world' on backup-masters/, region-in-transition/, rs/, and table/.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
