hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Helmling (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-16217) Identify calling user in ObserverContext
Date Tue, 12 Jul 2016 22:39:20 GMT

     [ https://issues.apache.org/jira/browse/HBASE-16217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Gary Helmling updated HBASE-16217:
    Status: Patch Available  (was: Open)

The attached patch is a first step in eliminating use of UserGroupInformation.doAs() for permissions
* adds a User instance to ObserverContext identifying the calling user for the coprocessor
* updates AccessController to make use of this for permissions checks
* eliminates use of UserGroupInformation.doAs() for permissions checks in procedure paths,
compactions, splits, region merges

> Identify calling user in ObserverContext
> ----------------------------------------
>                 Key: HBASE-16217
>                 URL: https://issues.apache.org/jira/browse/HBASE-16217
>             Project: HBase
>          Issue Type: Sub-task
>          Components: Coprocessors, security
>            Reporter: Gary Helmling
>            Assignee: Gary Helmling
>             Fix For: 2.0.0, 1.4.0
>         Attachments: HBASE-16217.master.001.patch
> We already either explicitly pass down the relevant User instance initiating an action
through the call path, or it is available through RpcServer.getRequestUser().  We should carry
this through in the ObserverContext for coprocessor upcalls and make use of it for permissions

This message was sent by Atlassian JIRA

View raw message