[
https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13292441#comment-13292441
]
Laxman commented on HBASE-6092:
-------------------------------
Following is the approach I'm planning to proceed with.
1) split, compact and flush - authorize in AccessController using existing
hooks.
2) pre/postSplit, pre/postCompact, pre/postFlush - signature in RegionObserver
interface should be inline with other methods. [add missing throws clause]
3) if this operation is user triggered, authorization should be done with
request user. otw, with system principal. [i guess this is implicitly taken
care in AccessController.getActiveUser()]
please validate.
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
>
> Currently, flush, split and compaction are not checked for authorization in
> AccessController. With the current implementation any unauthorized client can
> trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
