[jira] [Commented] (HBASE-20639) Implement permission checking through AccessController instead of RSGroupAdminEndpoint

Ted Yu (JIRA) Thu, 24 May 2018 12:02:04 -0700

    [ 
https://issues.apache.org/jira/browse/HBASE-20639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16489598#comment-16489598
 ]


Ted Yu commented on HBASE-20639:
--------------------------------

You're so kind.

Please go ahead.

> Implement permission checking through AccessController instead of 
> RSGroupAdminEndpoint
> --------------------------------------------------------------------------------------
>
>                 Key: HBASE-20639
>                 URL: https://issues.apache.org/jira/browse/HBASE-20639
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Ted Yu
>            Priority: Major
>
> Currently permission checking for various RS group operations is done via 
> RSGroupAdminEndpoint.
> e.g. in RSGroupAdminServiceImpl#moveServers() :
> {code}
>         checkPermission("moveServers");
>         groupAdminServer.moveServers(hostPorts, request.getTargetGroup());
> {code}
> The practice in remaining parts of hbase is to perform permission checking 
> within AccessController.
> Now that observer hooks for RS group operations are in right place, we should 
> follow best practice and move permission checking to AccessController.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (HBASE-20639) Implement permission checking through AccessController instead of RSGroupAdminEndpoint

Reply via email to