hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-6104) Require EXEC permission to call coprocessor endpoints
Date Mon, 06 Jan 2014 21:55:52 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13863475#comment-13863475
] 

Andrew Purtell edited comment on HBASE-6104 at 1/6/14 9:55 PM:
---------------------------------------------------------------

bq. Before I commit this to trunk (and maybe to 0.98... I am tempted ... other security features
have been bundled into it)

I am going to bring this into 0.98, but one more rev of the patch first: Let's make enforcement
of EXEC privilege optional and disabled by default for 0.98, then on unconditionally in a
later release. Thanks to [~avik_dey@yahoo.com] for the suggestion.


was (Author: apurtell):
bq. Before I commit this to trunk (and maybe to 0.98... I am tempted ... other security features
have been bundled into it)

I am going to bring this into 0.98, but one more rev of the patch first: Let's make enforcement
of EXEC privilege optional and disabled by default for 0.98, then on unconditionally in a
later release.

> Require EXEC permission to call coprocessor endpoints
> -----------------------------------------------------
>
>                 Key: HBASE-6104
>                 URL: https://issues.apache.org/jira/browse/HBASE-6104
>             Project: HBase
>          Issue Type: New Feature
>          Components: Coprocessors, security
>            Reporter: Gary Helmling
>            Assignee: Andrew Purtell
>             Fix For: 0.98.0, 0.99.0
>
>         Attachments: 6104-addendum-1.patch, 6104-revert.patch, 6104.patch, 6104.patch,
6104.patch, 6104.patch, 6104.patch, 6104.patch
>
>
> The EXEC action currently exists as only a placeholder in access control.  It should
really be used to enforce access to coprocessor endpoint RPC calls, which are currently unrestricted.
> How the ACLs to support this would be modeled deserves some discussion:
> * Should access be scoped to a specific table and CoprocessorProtocol extension?
> * Should it be possible to grant access to a CoprocessorProtocol implementation globally
(regardless of table)?
> * Are per-method restrictions necessary?
> * Should we expose hooks available to endpoint implementors so that they could additionally
apply their own permission checks? Some CP endpoints may want to require READ permissions,
others may want to enforce WRITE, or READ + WRITE.
> To apply these kinds of checks we would also have to extend the RegionObserver interface
to provide hooks wrapping HRegion.exec().



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message