[jira] [Commented] (HBASE-21591) Support ability to have host based permissions

[Andrew Purtell (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HBASE-21591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16737756#comment-16737756
 ] 

Andrew Purtell commented on HBASE-21591:
----------------------------------------

This seems fine, given the available detail to evaluate the proposal. Try to 
minimize coprocessor API changes. For example, consider using the RPC static 
helper method to retrieve the client IP address from the RPC context and put it 
in the observer context instead of passing it through as a new method 
parameter. Changes to private interfaces will all be fine.

> Support ability to have host based permissions
> ----------------------------------------------
>
>                 Key: HBASE-21591
>                 URL: https://issues.apache.org/jira/browse/HBASE-21591
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>            Reporter: Clay B.
>            Assignee: Clay B.
>            Priority: Trivial
>
> Today, one can put in an ACL rule where a user is not permitted to read data 
> but can insert data (e.g. {{grant 'user', 'table', 'W'}}). However, one can 
> not implement HBase as a "drop-box" for data where by in a secure network, 
> one can read and write data but outside that secure network one can only 
> write data; and I do not believe this is possible with custom access 
> controllers, unless one "wraps" HBase; e.g. with the HBase REST server.
> I have been pushing for this model (e.g. [Of Data Dropboxes and Data 
> Gloveboxes|https://thestrangeloop.com/2018/of-data-dropboxes-and-data-gloveboxes.html]
>  or 
> [slides|http://clayb.net/presentations/Of%20Data%20Dropboxes%20and%20Data%20Gloveboxes.pdf])
>  in a number of technologies for some data compartmentalization initiatives.
> I propose passing the requester's host information through the HBase 
> authentication stack so that the ACL model in HBase can work akin to the SQL 
> semantics of {{user@host}} or {{user@<anywhere>}}.The expected impact would 
> be to HBase private interfaces only, so far in POC'ing it seems the following 
> would be impacted:
> Access Control Classes/ACL Table Management:
> * AccessControlUtil
> * UserPermission
> * AccessChecker
> * AccessControlFilter
> * AccessController
> * AuthResult
> * TableAuthManager
> * AccessControl.proto
> Co-Processor APIs for Checking Authentication:
> * CoprocessorHost
> * ObserverContext
> * ObserverContextImpl
> * RSRpcServices
> * RSGroupAdminEndpoint



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)