hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Helmling (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-15256) Replication access control should be based on destination table
Date Thu, 11 Feb 2016 22:54:18 GMT
Gary Helmling created HBASE-15256:
-------------------------------------

             Summary: Replication access control should be based on destination table
                 Key: HBASE-15256
                 URL: https://issues.apache.org/jira/browse/HBASE-15256
             Project: HBase
          Issue Type: Improvement
          Components: Replication, security
            Reporter: Gary Helmling


HBASE-12916 added access control for replication sinks, where previously it was missing. 
However, the access control check is only enforced by checking for a global write permission.
 This is both less granular than the check could be and less intuitive (access is denied even
if the source cell has write permission to the table being replicated).

There is obviously more performance overhead from doing more granular checks, but if we only
do checks on the distinct set of tables/cfs being written, I think the trade-off might be
worth it.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message