[ 
https://issues.apache.org/jira/browse/HBASE-21814?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Guanghao Zhang updated HBASE-21814:
-----------------------------------
    Description: 
The TODO was added by me. Because this method happens within the RS. The old 
impl uses a login user (User.runAsLoginUser, where the login user is the user 
who started the RS process) to call Table.put(). And it will check the 
permission when putting a record to the ACL table.

 
{code:java}
User.runAsLoginUser(new PrivilegedExceptionAction<Void>() {
  @Override
  public Void run() throws Exception {
    AccessControlLists.addUserPermission(regionEnv.getConfiguration(), perm,
      regionEnv.getTable(AccessControlLists.ACL_TABLE_NAME),
      request.getMergeExistingPermissions());
    return null;
  }
});
{code}
 

But after HBASE-21739, there is no need for User.runAsLoginUser. Because we 
will call the Admin method to grant/revoke. And this will be executed in master 
and use the master user (the user who started the master process) to call 
Table.put. So this is not a problem now.

  was: The TODO was added by me. Because this method happens within the RS. But 
after HBASE-21739, grant/revoke will be executed by master. So this is not a 
problem now.


> Remove the TODO in AccessControlLists#addUserPermission
> -------------------------------------------------------
>
>                 Key: HBASE-21814
>                 URL: https://issues.apache.org/jira/browse/HBASE-21814
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Guanghao Zhang
>            Assignee: Guanghao Zhang
>            Priority: Major
>             Fix For: 3.0.0, 2.2.0, 2.3.0
>
>         Attachments: HBASE-21814.master.001.patch
>
>
> The TODO was added by me. Because this method happens within the RS. The old 
> impl uses a login user (User.runAsLoginUser, where the login user is the user 
> who started the RS process) to call Table.put(). And it will check the 
> permission when putting a record to the ACL table.
>  
> {code:java}
> User.runAsLoginUser(new PrivilegedExceptionAction<Void>() {
>   @Override
>   public Void run() throws Exception {
>     AccessControlLists.addUserPermission(regionEnv.getConfiguration(), perm,
>       regionEnv.getTable(AccessControlLists.ACL_TABLE_NAME),
>       request.getMergeExistingPermissions());
>     return null;
>   }
> });
> {code}
>  
> But after HBASE-21739, there is no need for User.runAsLoginUser. Because we 
> will call the Admin method to grant/revoke. And this will be executed in 
> master and use the master user (the user who started the master process) to 
> call Table.put. So this is not a problem now.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
