[
https://issues.apache.org/jira/browse/HBASE-14111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14630572#comment-14630572
]
Andrew Purtell edited comment on HBASE-14111 at 7/17/15 12:08 AM:
------------------------------------------------------------------
That's not correct, if you have the AccessController running on the cluster and
ACLs set up, the REST gateway cannot bypass them, it is just another client. I
think you need to provide more detail on your setup.
User access through the gateway will have as effective principal that under
which the REST gateway is running, unless you enable impersonation. Perhaps
this is what you are getting at? Information on how to operate the REST gateway
in a secure environment can be found in the online manual
(https://hbase.apache.org/book.html). See especially
https://hbase.apache.org/book.html#security.rest.gateway and the previous
section.
was (Author: apurtell):
That's not correct, if you have the AccessController running on the cluster and
ACLs set up, the REST gateway cannot bypass them, it is just another client. I
think you need to provide more detail on your setup.
> Enable HBase ACL in REST operations
> -----------------------------------
>
> Key: HBASE-14111
> URL: https://issues.apache.org/jira/browse/HBASE-14111
> Project: HBase
> Issue Type: Improvement
> Components: REST, security
> Reporter: Roberto Arias-Yacupoma
> Priority: Minor
> Labels: patch, security
>
> Currently for any operations performed by users through REST service, the
> internal HBase ACL is bypassed and users can perform any operation without
> security restrictions (they can view and insert data to any location).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
