[ https://issues.apache.org/jira/browse/HBASE-21481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16690391#comment-16690391 ]
Reid Chan edited comment on HBASE-21481 at 11/17/18 5:45 AM:
-------------------------------------------------------------

* Add a check on target user/group whether he is a superuser or a user in supergroup or neither.
* Add a new test: {{TestRpcAccessChecks#testGrantRevokeDeniedOnSuperUsersGroups}} which includes group permission test cases.
* Change visibility of {{TestingGroups}} to _public_ for test, otherwise, it can't be initialized in AccessChecker.

was (Author: reidchan):
* Add a check on target user/group where he is a superuser or a user in supergroup.
* Add a new test: {{TestRpcAccessChecks#testGrantRevokeDeniedOnSuperUsersGroups}} which includes group permission test cases.
* Change visibility of {{TestingGroups}} to _public_ for test, otherwise, it can't be initialized in AccessChecker.

> [acl] Superuser's permissions should not be granted or revoked by any non-su global admin
> -----------------------------------------------------------------------------------------
>
>                 Key: HBASE-21481
>                 URL: https://issues.apache.org/jira/browse/HBASE-21481
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Reid Chan
>            Assignee: Reid Chan
>            Priority: Major
>              Labels: ACL, security-issue
>             Fix For: 3.0.0, 2.2.0
>
>         Attachments: HBASE-21481.master.001.patch
>
>
> Superusers are {{hbase.superuser}} listed in configuration, plus the one
> who starts the master process; these two may overlap.
> A superuser must be a global admin, but a global admin may not be a
> superuser, possibly granted afterwards.
> For now, a non-su global admin with a Global.ADMIN permission can grant or
> revoke any superuser's permission, accidentally or deliberately.
> The purpose of this issue is to ban this action.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
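
The check described in the issue above, as an added stand-alone sketch; it is not the attached patch and not HBase's own code. The class `SuperuserGrantGuard`, its methods, the group map and all sample names are hypothetical, and it assumes group entries in `hbase.superuser` carry HBase's `@` prefix and that the caller has already passed the Global.ADMIN check.

```java
import java.util.*;

/** Hypothetical guard: a non-superuser admin may not grant/revoke on a superuser or supergroup. */
public class SuperuserGrantGuard {
    private static final String GROUP_PREFIX = "@"; // HBase ACL notation for a group principal
    private final Set<String> superUsers = new HashSet<>();
    private final Set<String> superGroups = new HashSet<>();
    private final Map<String, Set<String>> groupsOfUser; // stand-in for a real group-mapping service

    SuperuserGrantGuard(String masterUser, String superuserConf, Map<String, Set<String>> groupsOfUser) {
        this.groupsOfUser = groupsOfUser;
        superUsers.add(masterUser); // the user who started the master process
        for (String entry : superuserConf.split(",")) { // value of hbase.superuser
            String name = entry.trim();
            if (name.isEmpty()) continue;
            if (name.startsWith(GROUP_PREFIX)) superGroups.add(name.substring(1));
            else superUsers.add(name);
        }
    }

    /** True for a listed superuser, a member of a supergroup, or a supergroup itself. */
    boolean isSuper(String principal) {
        if (principal.startsWith(GROUP_PREFIX)) return superGroups.contains(principal.substring(1));
        if (superUsers.contains(principal)) return true;
        for (String g : groupsOfUser.getOrDefault(principal, Collections.emptySet()))
            if (superGroups.contains(g)) return true;
        return false;
    }

    /** Caller is assumed to hold Global.ADMIN already; this adds only the superuser-target rule. */
    void checkGrantOrRevoke(String caller, String target) {
        if (isSuper(target) && !isSuper(caller))
            throw new SecurityException(caller + " is not a superuser and may not change permissions of " + target);
    }

    public static void main(String[] args) {
        Map<String, Set<String>> groups = new HashMap<>(); // constructed sample data
        groups.put("carol", Set.of("ops"));
        SuperuserGrantGuard guard = new SuperuserGrantGuard("hbase", "root, @ops", groups);
        String[][] cases = {{"alice", "bob"}, {"alice", "root"}, {"alice", "carol"}, {"alice", "@ops"}, {"root", "carol"}};
        for (String[] c : cases) {
            String verdict = "allowed";
            try { guard.checkGrantOrRevoke(c[0], c[1]); } catch (SecurityException e) { verdict = "denied"; }
            System.out.println(c[0] + " -> " + c[1] + ": " + verdict);
        }
    }
}
```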