hbase-issues mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-14111) Enable HBase ACL in REST operations
Date Fri, 17 Jul 2015 00:09:04 GMT

    [ https://issues.apache.org/jira/browse/HBASE-14111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14630572#comment-14630572 ]

Andrew Purtell edited comment on HBASE-14111 at 7/17/15 12:08 AM:
------------------------------------------------------------------

That's not correct, if you have the AccessController running on the cluster and ACLs set up,
the REST gateway cannot bypass them, it is just another client. I think you need to provide
more detail on your setup. 

User access through the gateway will have as effective principal that under which the REST
gateway is running, unless you enable impersonation. Perhaps this is what you are getting
at? Information on how to operate the REST gateway in a secure environment can be found in
the online manual (https://hbase.apache.org/book.html). See especially https://hbase.apache.org/book.html#security.rest.gateway
and the previous section.


was (Author: apurtell):
That's not correct, if you have the AccessController running on the cluster and ACLs set up,
the REST gateway cannot bypass them, it is just another client. I think you need to provide
more detail on your setup.

> Enable HBase ACL in REST operations
> -----------------------------------
>
>                 Key: HBASE-14111
>                 URL: https://issues.apache.org/jira/browse/HBASE-14111
>             Project: HBase
>          Issue Type: Improvement
>          Components: REST, security
>            Reporter: Roberto Arias-Yacupoma
>            Priority: Minor
>              Labels: patch, security
>
> Currently for any operations performed by users through REST service, the internal HBase
> ACL is bypassed and users can perform any operation without security restrictions (they can
> view and insert data to any location).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
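
An added illustration of the impersonation setup the comment refers to, not part of the original message or of the project's own files: the property names are those the HBase reference guide documents for the REST gateway. The service user `rest_server`, the group names, the gateway host name, the realm and the keytab path are placeholders assumed here.

```xml
<!-- hbase-site.xml on every HBase node: allow the REST gateway's service
     user (placeholder: rest_server) to act on behalf of end users. -->
<property>
  <name>hadoop.security.authorization</name>
  <value>true</value>
</property>
<property>
  <!-- Only members of these groups (placeholders) may be impersonated. -->
  <name>hadoop.proxyuser.rest_server.groups</name>
  <value>analysts,etl</value>
</property>
<property>
  <!-- Only accept proxied requests from the gateway host (placeholder);
       a value of * would accept them from any host. -->
  <name>hadoop.proxyuser.rest_server.hosts</name>
  <value>rest-gw.example.com</value>
</property>

<!-- hbase-site.xml on every REST gateway: authenticate the HTTP caller and
     forward that identity, so the AccessController evaluates ACLs against
     the end user rather than the gateway's own principal. -->
<property>
  <name>hbase.rest.authentication.type</name>
  <value>kerberos</value>
</property>
<property>
  <name>hbase.rest.authentication.kerberos.principal</name>
  <value>HTTP/_HOST@EXAMPLE.COM</value> <!-- placeholder realm -->
</property>
<property>
  <name>hbase.rest.authentication.kerberos.keytab</name>
  <value>/path/to/http.keytab</value> <!-- placeholder path -->
</property>
<property>
  <name>hbase.rest.support.proxyuser</name>
  <value>true</value>
</property>
```

With `hbase.rest.support.proxyuser` left unset, every request through the gateway is authorized as the gateway's own principal, so any grants made to that principal apply to all REST callers.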
