[
https://issues.apache.org/jira/browse/HBASE-19483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16302997#comment-16302997
]
Appy commented on HBASE-19483:
------------------------------
Need to give another thorough review, holidays in US right now so getting
delayed.
For now, since we are changing default value of a very critical config which
can screw up protected production cluster on upgrade, there are two things we
need to do at minimum:
- Update docs: there are many places where we have suggested configs with
Access/Visibility Controller as cp but is missing this property. Those config
suggestions need to be updated where ever any hbase.coprocessor.*.classes
config has AccessController/VisibilityController as value.
- Ping [~stack]. This is something that needs to be called out in big bold red
in upgrade doc. "If you use AccessController/VisibilityController, please set
hbase.security.authorization config to true before upgrading."
> Add proper privilege check for rsgroup commands
> -----------------------------------------------
>
> Key: HBASE-19483
> URL: https://issues.apache.org/jira/browse/HBASE-19483
> Project: HBase
> Issue Type: Bug
> Reporter: Ted Yu
> Assignee: Guangxu Cheng
> Fix For: 1.4.1, 1.5.0, 2.0.0-beta-2
>
> Attachments: HBASE-19483.master.001.patch,
> HBASE-19483.master.002.patch, HBASE-19483.master.003.patch,
> HBASE-19483.master.004.patch, HBASE-19483.master.005.patch,
> HBASE-19483.master.006.patch, HBASE-19483.master.007.patch,
> HBASE-19483.master.008.patch
>
>
> Currently list_rsgroups command can be executed by any user.
> This is inconsistent with other list commands such as list_peers and
> list_peer_configs.
> We should add proper privilege check for list_rsgroups command.
> privilege check should be added for get_table_rsgroup / get_server_rsgroup /
> get_rsgroup commands.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
