[ https://issues.apache.org/jira/browse/HBASE-16217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary Helmling updated HBASE-16217:
----------------------------------
    Status: Patch Available  (was: Open)

The attached patch is a first step in eliminating use of 
UserGroupInformation.doAs() for permissions checking:
* adds a User instance to ObserverContext identifying the calling user for the 
coprocessor context
* updates AccessController to make use of this for permissions checks
* eliminates use of UserGroupInformation.doAs() for permissions checks in 
procedure paths, compactions, splits, region merges

> Identify calling user in ObserverContext
> ----------------------------------------
>
>                 Key: HBASE-16217
>                 URL: https://issues.apache.org/jira/browse/HBASE-16217
>             Project: HBase
>          Issue Type: Sub-task
>          Components: Coprocessors, security
>            Reporter: Gary Helmling
>            Assignee: Gary Helmling
>             Fix For: 2.0.0, 1.4.0
>
>         Attachments: HBASE-16217.master.001.patch
>
>
> We already either explicitly pass down the relevant User instance initiating 
> an action through the call path, or it is available through 
> RpcServer.getRequestUser().  We should carry this through in the 
> ObserverContext for coprocessor upcalls and make use of it for permissions 
> checking.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
