hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-13336) Consistent rules for security meta table protections
Date Thu, 26 Mar 2015 01:57:52 GMT

     [ https://issues.apache.org/jira/browse/HBASE-13336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andrew Purtell updated HBASE-13336:
-----------------------------------
    Description: The AccessController and VisibilityController do different things regarding
protecting their meta tables. The AC allows schema changes and disable/enable if the user
has permission. The VC unconditionally disallows all admin actions. Generally, bad things
will happen if these meta tables are damaged, disabled, or dropped. The likely outcome is
random frequent (or constant) server side op failures with nasty stack traces. On the other
hand some things like column family and table attribute changes can have valid use cases.
We should have consistent and sensible rules for protecting security meta tables.  (was: The
AccessController and VisibilityController do different things regarding protecting their meta
tables. The AC allows schema changes and disable/enable if the user has permission. The VC
unconditionally disallows all admin actions. Generally, bad things will happen if these meta
tables are damaged, disabled, or dropped. The likely outcome is random frequent (or constant)
server side op failures with nasty stack traces. We should have consistent and sensible rules
for protecting security meta tables.)

> Consistent rules for security meta table protections
> ----------------------------------------------------
>
>                 Key: HBASE-13336
>                 URL: https://issues.apache.org/jira/browse/HBASE-13336
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>
> The AccessController and VisibilityController do different things regarding protecting
their meta tables. The AC allows schema changes and disable/enable if the user has permission.
The VC unconditionally disallows all admin actions. Generally, bad things will happen if these
meta tables are damaged, disabled, or dropped. The likely outcome is random frequent (or constant)
server side op failures with nasty stack traces. On the other hand some things like column
family and table attribute changes can have valid use cases. We should have consistent and
sensible rules for protecting security meta tables.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message