[
https://issues.apache.org/jira/browse/HBASE-13769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14611165#comment-14611165
]
Enis Soztutar commented on HBASE-13769:
---------------------------------------
This is the current logic for isClientReadable after 13768:
{code}
public boolean isClientReadable(String node) {
return
node.equals(baseZNode) ||
isAnyMetaReplicaZnode(node) ||
node.equals(getMasterAddressZNode()) ||
node.equals(clusterIdZNode)||
node.equals(rsZNode) ||
// /hbase/table and /hbase/table/foo is allowed, /hbase/table-lock is
not
node.equals(tableZNode) ||
node.startsWith(tableZNode + "/");
{code}
from the above list, the only fishy one is rsZNode. Not sure whether that needs
to be visible to the clients. Other than that, all others should be needed.
We can abstract away zk altogether from the client side, but it is a different
discussion.
> Some ZK ACLs are unnecessarily permissive
> -----------------------------------------
>
> Key: HBASE-13769
> URL: https://issues.apache.org/jira/browse/HBASE-13769
> Project: HBase
> Issue Type: Bug
> Reporter: Andrew Purtell
> Priority: Critical
>
> Some ZK ACLs are unnecessarily permissive. We can remove permissions for
> 'world' on backup-masters/, region-in-transition/, rs/, and table/.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
