Return-Path: X-Original-To: apmail-hbase-issues-archive@www.apache.org Delivered-To: apmail-hbase-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AFA17C0F5 for ; Sun, 1 Jul 2012 02:08:49 +0000 (UTC) Received: (qmail 66497 invoked by uid 500); 1 Jul 2012 02:08:49 -0000 Delivered-To: apmail-hbase-issues-archive@hbase.apache.org Received: (qmail 66470 invoked by uid 500); 1 Jul 2012 02:08:49 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 66462 invoked by uid 99); 1 Jul 2012 02:08:49 -0000 Received: from issues-vm.apache.org (HELO issues-vm) (140.211.11.160) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 01 Jul 2012 02:08:49 +0000 Received: from isssues-vm.apache.org (localhost [127.0.0.1]) by issues-vm (Postfix) with ESMTP id ADDF5142840 for ; Sun, 1 Jul 2012 02:08:47 +0000 (UTC) Date: Sun, 1 Jul 2012 02:08:47 +0000 (UTC) From: "ShiXing (JIRA)" To: issues@hbase.apache.org Message-ID: <1859240116.76145.1341108527713.JavaMail.jiratomcat@issues-vm> In-Reply-To: <916334903.71049.1340964584126.JavaMail.jiratomcat@issues-vm> Subject: [jira] [Commented] (HBASE-6292) Compact can skip the security access control MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HBASE-6292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13404667#comment-13404667 ] ShiXing commented on HBASE-6292: -------------------------------- @Andrew, I see the ACL Matrix in HBASE-6192 {code} RegionServer | CompactSelection | REGION | INTERNAL | NA {code} And this patch has changed it by add preCompactSelection requirePermission(). Should we change the doc for the ACL Matrix? > Compact can skip the security access control > -------------------------------------------- > > Key: HBASE-6292 > URL: https://issues.apache.org/jira/browse/HBASE-6292 > Project: HBase > Issue Type: Sub-task > Components: security > Affects Versions: 0.94.0, 0.96.0, 0.94.1 > Reporter: ShiXing > Assignee: ShiXing > Labels: acl, security > Fix For: 0.96.0, 0.94.1 > > Attachments: HBASE-6292-trunk-V1.patch > > > When client sends compact command to rs, the rs just create a CompactionRequest, and then put it into the thread pool to process the CompactionRequest. And when the region do the compact, it uses the rs's ugi to process the compact, so the compact can successfully done. > Example: > user "mapred" do not have permission "Admin", > {code} > hbase(main):001:0> user_permission 'Security' > User Table,Family,Qualifier:Permission > mapred Security,f1,c1: [Permission: actions=READ,WRITE] > hbase(main):004:0> put 'Security', 'r6', 'f1:c1', 'v9' > 0 row(s) in 0.0590 seconds > hbase(main):005:0> put 'Security', 'r6', 'f1:c1', 'v10' > 0 row(s) in 0.0040 seconds > hbase(main):006:0> compact 'Security' > 0 row(s) in 0.0260 seconds > {code} > Maybe we can add permission check in the preCompactSelection() ? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira