hbase-issues mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-13336) Consistent rules for security meta table protections
Date Thu, 26 Mar 2015 01:55:52 GMT

    [ https://issues.apache.org/jira/browse/HBASE-13336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14381211#comment-14381211 ]

Andrew Purtell commented on HBASE-13336:
----------------------------------------

The rules, in my opinion, should be:
- Allow adding columns, but only if superuser
- Allow modifying column or table descriptor attributes, but only if superuser
- Unconditionally disallow column and table drops. If the superuser is asking, log a WARN
indicating the coprocessors must be removed from config first.
- Unconditionally disallow table disable. If the superuser is asking, log a WARN indicating
the coprocessors must be removed from config first.
- Allow enable (a no-op hopefully) and other admin requests (flush, compaction, region move),
only if the user has ADMIN privilege (AC) or if superuser (VC)

> Consistent rules for security meta table protections
> ----------------------------------------------------
>
>                 Key: HBASE-13336
>                 URL: https://issues.apache.org/jira/browse/HBASE-13336
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>
> The AccessController and VisibilityController do different things regarding protecting
> their meta tables. The AC allows schema changes and disable/enable if the user has permission.
> The VC unconditionally disallows all admin actions. Generally, bad things will happen if these
> meta tables are damaged, disabled, or dropped. The likely outcome is random frequent (or constant)
> server side op failures with nasty stack traces. We should have consistent and sensible rules
> for protecting security meta tables.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
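
The rules proposed in the comment above, written out as one decision function shared by both controllers. This is an added example, not code from the message or from HBase; `Action`, `Caller`, `Decision`, `check` and `allowed_actions` are hypothetical names, and treating a superuser as passing the AC's ADMIN check is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Action(Enum):
    ADD_COLUMN = "add column"
    MODIFY_COLUMN = "modify column"
    MODIFY_TABLE = "modify table descriptor"
    DROP_COLUMN = "drop column"
    DROP_TABLE = "drop table"
    DISABLE = "disable table"
    ENABLE = "enable table"
    FLUSH = "flush"
    COMPACT = "compaction"
    MOVE_REGION = "region move"

SUPERUSER_ONLY = {Action.ADD_COLUMN, Action.MODIFY_COLUMN, Action.MODIFY_TABLE}
NEVER = {Action.DROP_COLUMN, Action.DROP_TABLE, Action.DISABLE}

@dataclass(frozen=True)
class Caller:  # hypothetical stand-in for the requesting user
    name: str
    superuser: bool = False
    admin: bool = False  # holds ADMIN permission (only meaningful to the AC)

@dataclass(frozen=True)
class Decision:
    allowed: bool
    warn: Optional[str] = None  # message to log at WARN, if any

def check(controller: str, action: Action, caller: Caller) -> Decision:
    """Apply the proposed rules; controller is "AC" or "VC"."""
    if controller not in ("AC", "VC"):
        raise ValueError(f"unknown controller: {controller!r}")
    if action in NEVER:
        # Refused for everyone; a superuser additionally gets a WARN hint.
        warn = (f"{action.value} refused on {controller} meta table: "
                "remove the coprocessors from config first") if caller.superuser else None
        return Decision(False, warn)
    if action in SUPERUSER_ONLY:
        return Decision(caller.superuser)
    # Enable and other admin requests: ADMIN for the AC, superuser for the VC.
    # Assumption: a superuser also passes the AC's ADMIN check.
    if controller == "AC":
        return Decision(caller.admin or caller.superuser)
    return Decision(caller.superuser)

def allowed_actions(controller: str, caller: Caller) -> set:
    """Every action the proposal would let this caller run on the meta table."""
    return {a for a in Action if check(controller, a, caller).allowed}
```

Since the issue states the VC currently refuses all admin actions, `allowed_actions("VC", ...)` for a superuser is exactly the set the proposal would newly open up on that controller.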
