[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13292441#comment-13292441 ]
Laxman commented on HBASE-6092: ------------------------------- Following is the approach I'm planning to proceed with. 1) split, compact and flush - authorize in AccessController using existing hooks. 2) pre/postSplit, pre/postCompact, pre/postFlush - signature in RegionObserver interface should be inline with other methods. [add missing throws clause] 3) if this operation is user triggered, authorization should be done with request user. otw, with system principal. [i guess this is implicitly taken care in AccessController.getActiveUser()] please validate. > Authorize flush, split, compact operations in AccessController > -------------------------------------------------------------- > > Key: HBASE-6092 > URL: https://issues.apache.org/jira/browse/HBASE-6092 > Project: HBase > Issue Type: Sub-task > Components: security > Reporter: Laxman > Assignee: Laxman > Labels: acl, security > > Currently, flush, split and compaction are not checked for authorization in > AccessController. With the current implementation any unauthorized client can > trigger these operations on a table. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira