[
https://issues.apache.org/jira/browse/HBASE-20639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16492040#comment-16492040
]
Ted Yu commented on HBASE-20639:
--------------------------------
{code}
- verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
- USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
+ verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE,
USER_GROUP_READ,
+ USER_GROUP_WRITE, USER_GROUP_CREATE);
{code}
If possible, preserve the formation of the original line wrapping - it would be
easier for reviewers to verify the patch.
> Implement permission checking through AccessController instead of
> RSGroupAdminEndpoint
> --------------------------------------------------------------------------------------
>
> Key: HBASE-20639
> URL: https://issues.apache.org/jira/browse/HBASE-20639
> Project: HBase
> Issue Type: Bug
> Reporter: Ted Yu
> Assignee: Nihal Jain
> Priority: Major
> Fix For: 3.0.0
>
> Attachments: HBASE-20639.master.001.patch
>
>
> Currently permission checking for various RS group operations is done via
> RSGroupAdminEndpoint.
> e.g. in RSGroupAdminServiceImpl#moveServers() :
> {code}
> checkPermission("moveServers");
> groupAdminServer.moveServers(hostPorts, request.getTargetGroup());
> {code}
> The practice in remaining parts of hbase is to perform permission checking
> within AccessController.
> Now that observer hooks for RS group operations are in right place, we should
> follow best practice and move permission checking to AccessController.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
