hbase-issues mailing list archives

From "Gary Helmling (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-16217) Identify calling user in ObserverContext
Date Tue, 12 Jul 2016 22:39:20 GMT

     [ https://issues.apache.org/jira/browse/HBASE-16217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary Helmling updated HBASE-16217:
----------------------------------
    Status: Patch Available  (was: Open)

The attached patch is a first step in eliminating use of UserGroupInformation.doAs() for permissions checking:
* adds a User instance to ObserverContext identifying the calling user for the coprocessor context
* updates AccessController to make use of this for permissions checks
* eliminates use of UserGroupInformation.doAs() for permissions checks in procedure paths, compactions, splits, region merges

> Identify calling user in ObserverContext
> ----------------------------------------
>
>                 Key: HBASE-16217
>                 URL: https://issues.apache.org/jira/browse/HBASE-16217
>             Project: HBase
>          Issue Type: Sub-task
>          Components: Coprocessors, security
>            Reporter: Gary Helmling
>            Assignee: Gary Helmling
>             Fix For: 2.0.0, 1.4.0
>
>         Attachments: HBASE-16217.master.001.patch
>
>
> We already either explicitly pass down the relevant User instance initiating an action through the call path, or it is available through RpcServer.getRequestUser(). We should carry this through in the ObserverContext for coprocessor upcalls and make use of it for permissions checking.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
