[jira] [Commented] (HBASE-5371) Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API

Sat, 18 Feb 2012 10:00:22 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-5371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13211033#comment-13211033
 ] 

Andrew Purtell commented on HBASE-5371:
---------------------------------------

{quote} 
bq. It can't because it changes the protocol version of 
AccessControllerProtocol.

Right, since we bumped the protocol version, it will be incompatible. [...] 
What about re-changing the version to 1, since we just added a new method, but 
not changed anything on the wire, it should be compatible. The only catch is 
that if you invoke the new API from a new client, but the server is using the 
old version, you would get a NoSuchMethod or smt.
{quote}

I've seen this approach used in HDFS. (At least in CDH.) The client can catch 
the NoSuchMethodException, set a boolean or similar to note that it is talking 
with an older version, and try an alternate strategy.

I think this is a reasonable approach until we have a more general solution for 
cross-version (and backwards) RPC compatibility.
                
> Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) 
> API
> --------------------------------------------------------------------------------
>
>                 Key: HBASE-5371
>                 URL: https://issues.apache.org/jira/browse/HBASE-5371
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 0.94.0, 0.92.1
>            Reporter: Enis Soztutar
>            Assignee: Enis Soztutar
>             Fix For: 0.94.0
>
>         Attachments: HBASE-5371_v2.patch, HBASE-5371_v3-noprefix.patch, 
> HBASE-5371_v3.patch
>
>
> We need to introduce something like 
> AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so 
> that clients can check access rights before carrying out the operations. We 
> need this kind of operation for HCATALOG-245, which introduces authorization 
> providers for hbase over hcat. We cannot use getUserPermissions() since it 
> requires ADMIN permissions on the global/table level.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to