[
https://issues.apache.org/jira/browse/HBASE-6096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13289453#comment-13289453
]
Andrew Purtell commented on HBASE-6096:
---------------------------------------
bq. Currently, concurrent access control operations (grant, revoke) may fail. Should we consider supporting concurrency for these operations in v2?

Maybe you can provide more context?

Note that the permissions caches on each RS will synchronize with updates to
the ACL table only after their ZK watches fire, which will be soon thereafter
but not immediate. "Tightening" this means an ACL table read for every cluster
operation, an instant hot spot, hence the design motivation for the caching. So
for some short period after a grant, access may be denied; and, conversely, for
some short period after a revoke, access may be allowed. This does not mean we
cannot claim HBase as secure, because after ACLs are set up and the application
goes into production, it is enforced.

> AccessController v2
> -------------------
>
> Key: HBASE-6096
> URL: https://issues.apache.org/jira/browse/HBASE-6096
> Project: HBase
> Issue Type: Umbrella
> Components: security
> Affects Versions: 0.96.0, 0.94.1
> Reporter: Andrew Purtell
>
> Umbrella issue for iteration on the initial AccessController drop.
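
The propagation window described in the comment above, modelled on a logical clock. This is an added illustration, not HBase code or part of the original message; the class names, per-server watch delays, the sample events and the "one ACL table read per watch event" accounting are all assumptions of the model.

```python
from dataclasses import dataclass, field

@dataclass
class RegionServer:
    name: str
    watch_delay: int                               # ticks from ACL write to watch firing (assumed)
    cache: set = field(default_factory=set)        # cached {(user, action)} permissions
    pending: list = field(default_factory=list)    # [(fire_at, acl_snapshot)]
    acl_reads: int = 0

    def tick(self, now):
        # Apply every notification whose watch has fired by `now`, oldest first.
        due = [p for p in self.pending if p[0] <= now]
        self.pending = [p for p in self.pending if p[0] > now]
        for _, snapshot in sorted(due, key=lambda p: p[0]):
            self.cache = set(snapshot)
            self.acl_reads += 1                    # model: one ACL table read per watch event

def simulate(events, servers, horizon, user="alice", action="READ"):
    """Ticks at which each RS's cached decision differs from the ACL table."""
    acl = set()                                    # authoritative ACL table
    by_time = {t: (op, u, a) for t, op, u, a in events}
    out = {rs.name: {"stale_allow": [], "stale_deny": []} for rs in servers}
    for now in range(horizon):
        if now in by_time:
            op, u, a = by_time[now]
            (acl.add if op == "grant" else acl.discard)((u, a))
            for rs in servers:                     # each watch fires after that RS's delay
                rs.pending.append((now + rs.watch_delay, frozenset(acl)))
        for rs in servers:
            rs.tick(now)
            cached, actual = (user, action) in rs.cache, (user, action) in acl
            if cached and not actual:
                out[rs.name]["stale_allow"].append(now)   # revoked, still permitted
            elif actual and not cached:
                out[rs.name]["stale_deny"].append(now)    # granted, still refused
    return out

if __name__ == "__main__":
    # Constructed scenario: grant at tick 1, revoke at tick 5, one check per RS per tick.
    servers = [RegionServer("rs1", 2), RegionServer("rs2", 4)]
    events = [(1, "grant", "alice", "READ"), (5, "revoke", "alice", "READ")]
    for name, w in simulate(events, servers, horizon=12).items():
        print(name, w)
    # Reading the ACL table on every check would cost 12 reads per RS here.
    print({rs.name: rs.acl_reads for rs in servers})
```

In this constructed run the slower server never serves a correct "allow": its grant arrives only as the revoke is written, so it goes straight from stale denial to stale permission.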