[
https://issues.apache.org/jira/browse/HBASE-15445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16425362#comment-16425362
]
Wei-Chiu Chuang commented on HBASE-15445:
-----------------------------------------
This one seems like a new feature or improvement more than a bug.
It gets more complicated when you want to imitate closely to Hadoop's behavior,
adding support for proxyuser and so on. Hadoop has a flag
hadoop.security.authorization where if it's off, it bypasses the web ui ACL
list and allows anyone to access. If authorization is on but web ui
authentication is off, important servlets are not visible.
> Add support for ACLs for web based UIs
> --------------------------------------
>
> Key: HBASE-15445
> URL: https://issues.apache.org/jira/browse/HBASE-15445
> Project: HBase
> Issue Type: Bug
> Components: master, regionserver, REST, Thrift
> Affects Versions: 1.2.0, 1.0.3, 1.1.3
> Reporter: Lars George
> Assignee: Robert Neumann
> Priority: Major
>
> Since 0.99 and HBASE-10336 we have our own HttpServer class that (like the
> counterpart in Hadoop) supports setting an ACL to allow only named users to
> access the web based UIs of the server processes. In secure mode we should
> support this as it works hand-in-hand with Kerberos authorization and the UGI
> class. It seems all we have to do is add a property allowing to set the ACL
> property as a list of users and/or groups that have access to the UIs if
> needed.
> As an add-on, we could combine this with the {{read-only}} flag, so that some
> users can only access the UIs with any option to trigger, for example,
> splits.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
