[ https://issues.apache.org/jira/browse/HBASE-19402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16373606#comment-16373606 ]
Appy commented on HBASE-19402: ------------------------------ We can't limit it to any particular username. It's not right to assume that all users will be able to run hbase with 'hbase' user. Also, we need to define perms as a function of [access level and scope|http://hbase.apache.org/book.html#_understanding_access_levels]. So should be at minimum, global + admin? > Add missing security check for RegionServerStatusService RPCs > ------------------------------------------------------------- > > Key: HBASE-19402 > URL: https://issues.apache.org/jira/browse/HBASE-19402 > Project: HBase > Issue Type: Sub-task > Affects Versions: 2.0.0-beta-1 > Reporter: Balazs Meszaros > Priority: Major > > The following RPC methods do not call the observers, therefore they are not > guarded by AccessController: > - regionServerStartup > - regionServerReport > - reportRSFatalError > - reportRegionStateTransition > - reportRegionSpaceUse -- This message was sent by Atlassian JIRA (v7.6.3#76005)