[
https://issues.apache.org/jira/browse/HBASE-19483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Guangxu Cheng updated HBASE-19483:
----------------------------------
Release Note:
This JIRA aims at refactoring AccessController, using ACL as core library in
CPs.
1. Stripping out a public class AccessChecker from AccessController, using ACL
as core library in CPs. AccessChecker don't have any dependency on anything CP
related. Create it's instance from other CPS.
2. Change the default value of hbase.security.authorization to false.
3. Don't use CP hooks to check access in RSGroup. Use the access checker
instance directly in functions of RSGroupAdminServiceImpl.
> Add proper privilege check for rsgroup commands
> -----------------------------------------------
>
> Key: HBASE-19483
> URL: https://issues.apache.org/jira/browse/HBASE-19483
> Project: HBase
> Issue Type: Bug
> Reporter: Ted Yu
> Assignee: Guangxu Cheng
> Fix For: 1.4.1, 1.5.0, 2.0.0-beta-2
>
> Attachments: HBASE-19483.master.001.patch,
> HBASE-19483.master.002.patch, HBASE-19483.master.003.patch,
> HBASE-19483.master.004.patch, HBASE-19483.master.005.patch,
> HBASE-19483.master.006.patch, HBASE-19483.master.007.patch,
> HBASE-19483.master.008.patch, HBASE-19483.master.009.patch,
> HBASE-19483.master.010.patch, HBASE-19483.master.011.patch
>
>
> Currently list_rsgroups command can be executed by any user.
> This is inconsistent with other list commands such as list_peers and
> list_peer_configs.
> We should add proper privilege check for list_rsgroups command.
> privilege check should be added for get_table_rsgroup / get_server_rsgroup /
> get_rsgroup commands.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
