[ https://issues.apache.org/jira/browse/HBASE-15483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15203150#comment-15203150 ]

meiwen li commented on HBASE-15483:
-----------------------------------

Thank you. I read the release notes and understand the current implementation. 
However, I feel this is a little weird and am afraid this might not be what users 
expect.  

It looks like you have a plan to improve this?

> After disabling Authorization, user should not be allowed to modify ACL 
> record 
> -------------------------------------------------------------------------------
>
>                 Key: HBASE-15483
>                 URL: https://issues.apache.org/jira/browse/HBASE-15483
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>            Reporter: meiwen li
>
> After setting hbase.security.authorization to false, HBase does NOT do 
> authority checks for any operations by any users. Thus, any user, including 
> a read-only user, has the authority to grant <user> <any permission>. The 
> change to the ACL record lasts and will take effect after the next 
> authorization enabling. 
> The consequence is,
> A read-only user can change an admin user to be a "readonly" user after a 
> round of "disable authorization" and "enable authorization"
> Also,
> A read-only user can change a "readonly" user to be an Admin after such a 
> round of disable/enable.
> It is expected that 
> after authorization is disabled, the authorization related file, the ACL 
> record, should not be open to users and not be changed. Otherwise, after the 
> next authorization enablement, the changed ACL takes effect and users get 
> unexpected authority.
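As an added example, not code from this issue or from HBase itself: a small Python diff over two constructed snapshots of ACL grants, one taken before authorization is disabled and one after it is re-enabled, to flag grants that changed during the window in which no checks were enforced. The line-based snapshot format and the ADMIN_ACTIONS set are assumptions modelled on the hbase:acl layout (row key = table, qualifier = user, value = permission letters).

```python
# Added example, not from the HBase issue or project. Compares two ACL grant
# snapshots and reports every grant that changed between them, labelling
# admin escalation and admin demotion, the two cases the issue describes.
# Assumed snapshot format: "table user actions" per line, mirroring the
# hbase:acl layout (row key = table, qualifier = user, value = e.g. "RWXCA").

ADMIN_ACTIONS = set("RWXCA")  # assumption: full action set treated as admin


def parse_snapshot(lines):
    """Parse 'table user actions' lines into {(table, user): set(actions)}."""
    grants = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        table, user, actions = line.split()
        grants[(table, user)] = set(actions)
    return grants


def diff_grants(before, after):
    """Return sorted (table, user, kind, old_actions, new_actions) tuples."""
    changes = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key, set()), after.get(key, set())
        if old == new:
            continue  # grant untouched while authorization was off
        if not old:
            kind = "added"
        elif not new:
            kind = "removed"
        elif new >= ADMIN_ACTIONS and old < ADMIN_ACTIONS:
            kind = "escalated_to_admin"
        elif old >= ADMIN_ACTIONS and new < ADMIN_ACTIONS:
            kind = "admin_demoted"
        else:
            kind = "changed"
        changes.append((key[0], key[1], kind,
                        "".join(sorted(old)), "".join(sorted(new))))
    return changes


# Constructed sample snapshots reproducing the scenario in the issue.
BEFORE = "# table user actions\norders alice RWXCA\norders bob R\n"
AFTER = "orders alice R\norders bob RWXCA\n"

if __name__ == "__main__":
    for change in diff_grants(parse_snapshot(BEFORE.splitlines()),
                              parse_snapshot(AFTER.splitlines())):
        print(change)
```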



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)