hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anoop Sam John (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-10619) Don't allow non super users to do DDL ops on system tables
Date Sat, 18 Apr 2015 03:47:59 GMT

    [ https://issues.apache.org/jira/browse/HBASE-10619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14501077#comment-14501077
] 

Anoop Sam John commented on HBASE-10619:
----------------------------------------

bq.Why not parse the superuser information out of Configuration and cache it in one place?
In User. Then have the AC and VC and other users call User methods rather than keep local
copies of these lists.
That would be ideal and User can be the best place.  Only thing is we have to cache it as
a static member there. That is why I was a bit hesitant.
We can add isSuperUser(Configuration) API to User and the 1st call will get the super users/groups
from Conf and cache at User level.

> Don't allow non super users to do DDL ops on system tables
> ----------------------------------------------------------
>
>                 Key: HBASE-10619
>                 URL: https://issues.apache.org/jira/browse/HBASE-10619
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Anoop Sam John
>            Assignee: Anoop Sam John
>         Attachments: HBASE-10619.patch, HBASE-10619_V2.patch, HBASE-10619_V3.patch, HBASE-10619_V4.patch,
HBASE-10619_V5.patch, HBASE-10619_V6.patch
>
>
> Don't allow non super users to do DDL ops on system tables
> For META and NS tables, we should allow them to be disabled even by super users.  With
out these tables online the cluster will be non operational.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message