hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mikhail Antonov (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-13336) Consistent rules for security meta table protections
Date Mon, 05 Oct 2015 23:27:26 GMT

    [ https://issues.apache.org/jira/browse/HBASE-13336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14944245#comment-14944245
] 

Mikhail Antonov commented on HBASE-13336:
-----------------------------------------

As it seems to be intended in this patch (and what looks logical), we want to have each of
2 controllers (AC and VC) to cross-check both security tables, right? I.e. if only AC is installed,
it should still check operations against both tables and vice versa, if both are installed,
each checks both tables.

[~apurtell] thoughts?

> Consistent rules for security meta table protections
> ----------------------------------------------------
>
>                 Key: HBASE-13336
>                 URL: https://issues.apache.org/jira/browse/HBASE-13336
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>            Assignee: Mikhail Antonov
>             Fix For: 2.0.0, 1.3.0, 0.98.16
>
>         Attachments: HBASE-13336.patch, HBASE-13336_v2.patch
>
>
> The AccessController and VisibilityController do different things regarding protecting
their meta tables. The AC allows schema changes and disable/enable if the user has permission.
The VC unconditionally disallows all admin actions. Generally, bad things will happen if these
meta tables are damaged, disabled, or dropped. The likely outcome is random frequent (or constant)
server side op failures with nasty stack traces. On the other hand some things like column
family and table attribute changes can have valid use cases. We should have consistent and
sensible rules for protecting security meta tables.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message