[jira] [Commented] (HBASE-28868) Add missing permission check for updateRSGroupConfig in branch-2

Mon, 23 Sep 2024 10:27:20 -0700 


    [ 
https://issues.apache.org/jira/browse/HBASE-28868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17883971#comment-17883971
 ] 

Nihal Jain commented on HBASE-28868:
------------------------------------

Merged to branch-2. Raised  backport for branch-2.6 and branch-2.5.

> Add missing permission check for updateRSGroupConfig in branch-2
> ----------------------------------------------------------------
>
>                 Key: HBASE-28868
>                 URL: https://issues.apache.org/jira/browse/HBASE-28868
>             Project: HBase
>          Issue Type: Task
>          Components: rsgroup
>    Affects Versions: 2.7.0
>            Reporter: Nihal Jain
>            Assignee: Nihal Jain
>            Priority: Minor
>              Labels: pull-request-available
>             Fix For: 2.7.0, 2.6.1, 2.5.11
>
>
> Found this during HBASE-28867, we do not have security check for 
> updateRSGroupConfig in branch-2. See 
> [https://github.com/apache/hbase/blob/0dc334f572329be7eb2455cec3519fc820c04c25/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java#L450]
> Same check exists in master 
> [https://github.com/apache/hbase/blob/52082bc5b80a60406bfaaa630ed5cb23027436c1/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java#L2279]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to