[
https://issues.apache.org/jira/browse/HBASE-16141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Kyle Purtell resolved HBASE-16141.
-----------------------------------------
Fix Version/s: (was: 1.7.0)
(was: 3.0.0)
Assignee: (was: Gary Helmling)
Resolution: Later
> Unwind use of UserGroupInformation.doAs() to convey requester identity in
> coprocessor upcalls
> ---------------------------------------------------------------------------------------------
>
> Key: HBASE-16141
> URL: https://issues.apache.org/jira/browse/HBASE-16141
> Project: HBase
> Issue Type: Improvement
> Components: Coprocessors, security
> Reporter: Gary Helmling
> Priority: Major
>
> In discussion on HBASE-16115, there is some discussion of whether
> UserGroupInformation.doAs() is the right mechanism for propagating the
> original requester's identity in certain system contexts (splits,
> compactions, some procedure calls). It has the unfortunate effect of overriding
> the current user, which makes for very confusing semantics for coprocessor
> implementors. We should instead find an alternate mechanism for conveying
> the caller identity, which does not override the current user context.
> I think we should instead look at passing this through as part of the
> ObserverContext passed to every coprocessor hook.