[
https://issues.apache.org/jira/browse/HBASE-19483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289639#comment-16289639
]
Ted Yu commented on HBASE-19483:
--------------------------------
The rs group hooks from AccessController.java would be migrated to
RSGroupAdminEndpoint which does the permission checking.
W.r.t. 1.4, even if this migration is not done, the new hooks in Guangxu's
patch should be added to plug the security hole.
> Add proper privilege check for rsgroup commands
> -----------------------------------------------
>
> Key: HBASE-19483
> URL: https://issues.apache.org/jira/browse/HBASE-19483
> Project: HBase
> Issue Type: Bug
> Reporter: Ted Yu
> Assignee: Guangxu Cheng
> Fix For: 2.0.0-beta-1
>
> Attachments: HBASE-19483.master.001.patch,
> HBASE-19483.master.002.patch, HBASE-19483.master.003.patch
>
>
> Currently the list_rsgroups command can be executed by any user.
> This is inconsistent with other list commands such as list_peers and
> list_peer_configs.
> We should add a proper privilege check for the list_rsgroups command.
> Privilege checks should be added for the get_table_rsgroup / get_server_rsgroup /
> get_rsgroup commands.