hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jerry He (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-12644) Visibility Labels: issue with storing super users in labels table
Date Fri, 05 Dec 2014 19:51:12 GMT
Jerry He created HBASE-12644:
--------------------------------

             Summary: Visibility Labels: issue with storing super users in labels table
                 Key: HBASE-12644
                 URL: https://issues.apache.org/jira/browse/HBASE-12644
             Project: HBase
          Issue Type: Bug
          Components: security
    Affects Versions: 0.99.2, 0.98.8
            Reporter: Jerry He
             Fix For: 1.0.0, 0.98.9


Super users have all the permissions for ACL and Visibility labels.
They are defined in hbase-site.xml.
Currently in VisibilityController, we persist super user with their system permission in hbase:labels.
This make change in super user difficult.
There are two issues:
In the current DefaultVisibilityLabelServiceImpl.addSystemLabel, we only add super user when
we initially create the 'system' label.
No additional update after that even if super user changed. See code for details.
 
Additionally, there is no mechanism to remove any super user from the labels table.
 
We probably should not persist super users in the labels table.
They are in hbase-site.xml and can just stay in labelsCache and used from labelsCache after
retrieval by Visibility Controller.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message