[
https://issues.apache.org/jira/browse/HBASE-16141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Drob updated HBASE-16141:
------------------------------
Fix Version/s: (was: 2.0.0)
2.1.0
3.0.0
Moving this and open subtasks to 2.1/3.0, please pull back if work gets done on
them
> Unwind use of UserGroupInformation.doAs() to convey requester identity in
> coprocessor upcalls
> ---------------------------------------------------------------------------------------------
>
> Key: HBASE-16141
> URL: https://issues.apache.org/jira/browse/HBASE-16141
> Project: HBase
> Issue Type: Improvement
> Components: Coprocessors, security
> Reporter: Gary Helmling
> Assignee: Gary Helmling
> Priority: Major
> Fix For: 3.0.0, 2.1.0, 1.5.0
>
>
> In discussion on HBASE-16115, there is some discussion of whether
> UserGroupInformation.doAs() is the right mechanism for propagating the
> original requester's identify in certain system contexts (splits,
> compactions, some procedure calls). It has the unfortunately of overriding
> the current user, which makes for very confusing semantics for coprocessor
> implementors. We should instead find an alternate mechanism for conveying
> the caller identity, which does not override the current user context.
> I think we should instead look at passing this through as part of the
> ObserverContext passed to every coprocessor hook.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
