[jira] [Commented] (HBASE-21481) [acl] Superuser's permissions should not be granted or revoked by any non-su global admin

Fri, 01 Mar 2019 15:22:46 -0800 


    [ 
https://issues.apache.org/jira/browse/HBASE-21481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16782202#comment-16782202
 ] 

Hudson commented on HBASE-21481:
--------------------------------

Results for branch branch-2
        [build #1720 on 
builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/branch-2/1720/]: 
(x) *{color:red}-1 overall{color}*
----
details (if available):

(x) {color:red}-1 general checks{color}
-- For more information [see general 
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2/1720//General_Nightly_Build_Report/]




(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2) 
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2/1720//JDK8_Nightly_Build_Report_(Hadoop2)/]


(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3) 
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2/1720//JDK8_Nightly_Build_Report_(Hadoop3)/]


(x) {color:red}-1 source release artifact{color}
-- See build output for details.


(x) {color:red}-1 client integration test{color}
-- Something went wrong with this stage, [check relevant console 
output|https://builds.apache.org/job/HBase%20Nightly/job/branch-2/1720//console].


> [acl] Superuser's permissions should not be granted or revoked by any non-su 
> global admin
> -----------------------------------------------------------------------------------------
>
>                 Key: HBASE-21481
>                 URL: https://issues.apache.org/jira/browse/HBASE-21481
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Reid Chan
>            Assignee: Reid Chan
>            Priority: Major
>              Labels: ACL, security-issue
>             Fix For: 3.0.0, 2.2.0, 2.3.0
>
>         Attachments: HBASE-21481.master.001.patch, 
> HBASE-21481.master.002.patch, HBASE-21481.master.003.patch, 
> HBASE-21481.master.004.patch, HBASE-21481.master.005.patch, 
> HBASE-21481.master.006.patch, HBASE-21481.master.007.patch, 
> HBASE-21481.master.008.patch, HBASE-21481.master.009.patch, 
> HBASE-21481.master.010.patch, HBASE-21481.master.011.patch, 
> HBASE-21481.master.012.patch, HBASE-21481.master.013.patch, 
> HBASE-21481.master.014.patch, HBASE-21481.master.014.patch, 
> HBASE-21481.master.014.patch
>
>
> Superusers are {{hbase.superuser}} listed in configuration and plus the one 
> who start master process, these two may be overlap.
> A superuser must be a global admin, but a global admin may not be a 
> superuser, possibly granted afterwards.
> For now, an non-su global admin with a Global.ADMIN permission can grant or 
> revoke any superuser's permission, accidentally or deliberately.
> The purpose of this issue is to ban this action.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to