Date: Thu, 25 Jun 2015 07:47:05 +0000 (UTC)
From: "Srikanth Srungarapu (JIRA)"
To: issues@hbase.apache.org
Subject: [jira] [Work started] (HBASE-13336) Consistent rules for security meta table protections

[ https://issues.apache.org/jira/browse/HBASE-13336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Work on HBASE-13336 started by Srikanth Srungarapu.
---------------------------------------------------

> Consistent rules for security meta table protections
> ----------------------------------------------------
>
>                 Key: HBASE-13336
>                 URL: https://issues.apache.org/jira/browse/HBASE-13336
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>            Assignee: Srikanth Srungarapu
>             Fix For: 2.0.0, 0.98.14, 1.3.0
>
>         Attachments: HBASE-13336.patch, HBASE-13336_v2.patch
>
>
> The AccessController and VisibilityController do different things regarding protecting their meta tables.
> The AC allows schema changes and disable/enable if the user has permission. The VC unconditionally disallows all admin actions. Generally, bad things will happen if these meta tables are damaged, disabled, or dropped. The likely outcome is random frequent (or constant) server side op failures with nasty stack traces. On the other hand some things like column family and table attribute changes can have valid use cases. We should have consistent and sensible rules for protecting security meta tables.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)