[
https://issues.apache.org/jira/browse/HBASE-22208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yi Mei updated HBASE-22208:
---------------------------
Description:
In HBase access control service, access checker performs authorization checks
for a given user's assigned permissions. The access checker holds a auth
manager instance which cache all global, namespace and table permissions.
A access checker is created when master, RS and region load AccessController,
permission cache is refreshed when acl znode changed.
We can create access checker when master and RS start and expose it in order to
use procedure to refresh its cache rather than watch ZK.
was:
In HBase access control service, auth manager cache all global, namespace and
table permissions, and performs authorization checks for a given user's
assigned permissions.
The auth manager instance is created when master, RS and region load
AccessController. Its cache is refreshed when acl znode changed.
We can create auth manager when master and RS start and expose it in order to
use procedure to refresh its cache rather than watch ZK.
Summary: Create access checker and expose it in RS (was: Create auth
manager and expose it in RS)
> Create access checker and expose it in RS
> -----------------------------------------
>
> Key: HBASE-22208
> URL: https://issues.apache.org/jira/browse/HBASE-22208
> Project: HBase
> Issue Type: Sub-task
> Reporter: Yi Mei
> Assignee: Yi Mei
> Priority: Major
> Attachments: HBASE-22208.master.001.patch,
> HBASE-22208.master.002.patch
>
>
> In HBase access control service, access checker performs authorization checks
> for a given user's assigned permissions. The access checker holds a auth
> manager instance which cache all global, namespace and table permissions.
> A access checker is created when master, RS and region load AccessController,
> permission cache is refreshed when acl znode changed.
> We can create access checker when master and RS start and expose it in order
> to use procedure to refresh its cache rather than watch ZK.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
