[
https://issues.apache.org/jira/browse/HBASE-14169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14647867#comment-14647867
]
Matteo Bertozzi commented on HBASE-14169:
-----------------------------------------
in general we send an RPC on the server side, and the server side deals with
propagating that request to other machines. This is probably the first case (at
least in the ACL) where the client ask each machine to execute something.
and this will probably prevent to reimplement a proper "refresh propagation" in
a compatible way.
I think we should follow the same pattern of grant/revoke. The client goes to
the ACL endpoint, and the ACL endpoint propagate the request. At least we can
change the server side intercommunication at any point without having to worry
about the client compatibility.
> API to refreshSuperUserGroupsConfiguration
> ------------------------------------------
>
> Key: HBASE-14169
> URL: https://issues.apache.org/jira/browse/HBASE-14169
> Project: HBase
> Issue Type: New Feature
> Reporter: Francis Liu
> Assignee: Francis Liu
> Attachments: HBASE-14169.patch
>
>
> For deployments that use security. User impersonation (AKA doAs()) is needed
> for some services (ie Stargate, thriftserver, Oozie, etc). Impersonation
> definitions are defined in a xml config file and read and cached by the
> ProxyUsers class. Calling this api will refresh cached information,
> eliminating the need to restart the master/regionserver whenever the
> configuration is changed.
> Implementation just adds another method to AccessControlService.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
