Return-Path: 
 <dev-return-49864-apmail-hbase-dev-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-dev-archive@www.apache.org
Delivered-To: apmail-hbase-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 09476C091
	for <apmail-hbase-dev-archive@www.apache.org>;
 Mon, 26 Jan 2015 06:40:35 +0000 (UTC)
Received: (qmail 73178 invoked by uid 500); 26 Jan 2015 06:40:34 -0000
Delivered-To: apmail-hbase-dev-archive@hbase.apache.org
Received: (qmail 73090 invoked by uid 500); 26 Jan 2015 06:40:34 -0000
Mailing-List: contact dev-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@hbase.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@hbase.apache.org>
List-Post: <mailto:dev@hbase.apache.org>
List-Id: <dev.hbase.apache.org>
Reply-To: dev@hbase.apache.org
Delivered-To: mailing list dev@hbase.apache.org
Received: (qmail 73078 invoked by uid 99); 26 Jan 2015 06:40:34 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Jan 2015 06:40:34 +0000
Date: Mon, 26 Jan 2015 06:40:34 +0000 (UTC)
From: "Liu Shaohui (JIRA)" <jira@apache.org>
To: dev@hbase.apache.org
Message-ID: <JIRA.12770009.1422254398000.170865.1422254434643@Atlassian.JIRA>
In-Reply-To: <JIRA.12770009.1422254398000@Atlassian.JIRA>
References: <JIRA.12770009.1422254398000@Atlassian.JIRA>
 <JIRA.12770009.1422254398548@arcas>
Subject: [jira] [Created] (HBASE-12916) No access control for replicating
 WAL entries
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Liu Shaohui created HBASE-12916:
-----------------------------------

             Summary: No access control for replicating WAL entries
                 Key: HBASE-12916
                 URL: https://issues.apache.org/jira/browse/HBASE-12916
             Project: HBase
          Issue Type: Bug
          Components: Replication
    Affects Versions: 0.94.26, 2.0.0, 0.98.12
            Reporter: Liu Shaohui
            Assignee: Liu Shaohui


Currently, there is no access control for replicating WAL entries in secure HBase cluster. Any authenticated user can write any data they want to any table of a secure cluster by using the replication api.

Simple solution is  to add permission check before replicating WAL entries. And only user with global write permission can replicate WAL entries to this cluster.

Another option is adding "Replication" action in hbase and only user with "Replication" permission can replicate WAL entries to this cluster?

[~apurtell] 

What's your suggestion? Thanks




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)