hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization
Date Fri, 27 Mar 2015 17:49:54 GMT

    [ https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14384229#comment-14384229
] 

Andrew Purtell edited comment on HBASE-13275 at 3/27/15 5:49 PM:
-----------------------------------------------------------------

bq. So what will be the real adv of we allow the admin ops in passive mode? Am I missing any
thing?

I personally wouldn't install the security coprocessors if I didn't want them active, because
of the performance hit, but stepped back and considered if there's any use for it. Certainly
you can imagine "try before you buy" pilots, where ACLs are put in place and there are reviews
of the audit logs to determine if policy is working as expected. 

Turn this question around. What if we just disabled everything with 'hbase.security.authorization'=false,
even audit logging and the ability to set up test grants. Then the coprocessor is just dead
weight. At least here there is the possibility of some usefulness. 

Either disabling _everything_ or the "passive mode" I suggest will meet the objective of this
issue which is 'setting hbase.security.authorization to false does not disable authorization',
we will fix that so setting hbase.security.authorization to false does disable authorization.
Why not do the option which also may provide users some utility? 

If you are still not swayed by this argument, I don't care that much, we can just disable
everything.

bq. Right now any way we dont allow passing Tags from client to server (Unless user is a super
user)
I pass cell TTLs through in KeyValues in some HRegion tests, but I see I'm using the region
object directly, so was confused about this. But all that prevents this is the codec implementation,
right? 


was (Author: apurtell):
bq. So what will be the real adv of we allow the admin ops in passive mode? Am I missing any
thing?

I personally wouldn't install the security coprocessors if I didn't want them active, because
of the performance hit, but stepped back and considered if there's any use for it. Certainly
you can imagine "try before you buy" pilots, where ACLs are put in place and there are reviews
of the audit logs to determine if policy is working as expected. 

Turn this question around. What if we just disabled everything with 'hbase.security.authorization'=false,
even audit logging and the ability to set up test grants. Then the coprocessor is just dead
weight. At least here there is the possibility of some usefulness. 

Either disabling _everything_ or the "passive mode" I suggest will meet the objective of this
issue which is 'setting hbase.security.authorization to false does not disable authorization.
 So why not do the thing which may provide users more utility? 

If you are still not swayed by this argument, I don't care that much, we can just disable
everything.

bq. Right now any way we dont allow passing Tags from client to server (Unless user is a super
user)
I pass cell TTLs through in KeyValues in some HRegion tests, but I see I'm using the region
object directly, so was confused about this. But all that prevents this is the codec implementation,
right? 

> Setting hbase.security.authorization to false does not disable authorization
> ----------------------------------------------------------------------------
>
>                 Key: HBASE-13275
>                 URL: https://issues.apache.org/jira/browse/HBASE-13275
>             Project: HBase
>          Issue Type: Bug
>            Reporter: William Watson
>            Assignee: Andrew Purtell
>             Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
>
>         Attachments: HBASE-13275.patch, HBASE-13275.patch
>
>
> According to the docs provided by Cloudera (we're not running Cloudera, BTW), this is
the list of configs to enable authorization in HBase:
> {code}
> <property>
>      <name>hbase.security.authorization</name>
>      <value>true</value>
> </property>
> <property>
>      <name>hbase.coprocessor.master.classes</name>
>      <value>org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> <property>
>      <name>hbase.coprocessor.region.classes</name>
>      <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> {code}
> We wanted to then disable authorization but simply setting hbase.security.authorization
to false did not disable the authorization



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message