hbase-issues mailing list archives

From "Heng Chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-14265) we should forbid creating table using 'hbase' namespace except by superuser
Date Tue, 27 Oct 2015 10:15:28 GMT

    [ https://issues.apache.org/jira/browse/HBASE-14265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14976148#comment-14976148

Heng Chen commented on HBASE-14265:

I am sorry for being late. I reconsidered this issue, and think it is invalid.

The purpose of this issue is to prevent normal users from creating tables under the 'hbase' NS. But
a superuser can do it.

There are two situations:
 * security disabled. All users are superusers, so we should do nothing.
 * security enabled. Normal users have ACLs controlled by the superuser, so we use ACLs to
do the limitation.

So this issue is invalid. Sorry again for this noise...

> we should forbid creating table using 'hbase' namespace except by superuser
> ---------------------------------------------------------------------------
>                 Key: HBASE-14265
>                 URL: https://issues.apache.org/jira/browse/HBASE-14265
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Heng Chen
>            Assignee: Heng Chen
>         Attachments: HBASE-14265.patch, HBASE-14265_v2.patch, HBASE-14265_v3.patch, HBASE-14265_v4.patch
> Now, there is no limit for users who can create tables under the 'hbase' NameSpace. I think it has some risk.
> Because we use {{TableName.systemTable}} to decide whether this table is System or not.
> But in the code, {{TableName.systemTable}} will be true if the NS equals 'hbase':
> {code}
> if (Bytes.equals(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME, namespace)) {
>   this.namespace = NamespaceDescriptor.SYSTEM_NAMESPACE_NAME;
>   this.namespaceAsString = NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR;
>   this.systemTable = true;
> }
> {code}
> And we treat system tables and normal tables differently.
> For example, https://issues.apache.org/jira/browse/HBASE-14257 will flush fast if the table belongs to the system tables.
