Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 06662200BB9 for ; Mon, 7 Nov 2016 20:28:06 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 04F6A160AEC; Mon, 7 Nov 2016 19:28:06 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 73DC9160AE0 for ; Mon, 7 Nov 2016 20:28:05 +0100 (CET) Received: (qmail 88157 invoked by uid 500); 7 Nov 2016 19:27:59 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 87919 invoked by uid 99); 7 Nov 2016 19:27:59 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Nov 2016 19:27:59 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 577112C2A6C for ; Mon, 7 Nov 2016 19:27:59 +0000 (UTC) Date: Mon, 7 Nov 2016 19:27:59 +0000 (UTC) From: "Lars George (JIRA)" To: issues@hbase.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Assigned] (HBASE-15445) Add support for ACLs for web based UIs MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Mon, 07 Nov 2016 19:28:06 -0000 [ https://issues.apache.org/jira/browse/HBASE-15445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lars George reassigned HBASE-15445: ----------------------------------- Assignee: Lars George > Add support for ACLs for web based UIs > -------------------------------------- > > Key: HBASE-15445 > URL: https://issues.apache.org/jira/browse/HBASE-15445 > Project: HBase > Issue Type: Bug > Components: master, regionserver, REST, Thrift > Affects Versions: 1.2.0, 1.0.3, 1.1.3 > Reporter: Lars George > Assignee: Lars George > > Since 0.99 and HBASE-10336 we have our own HttpServer class that (like the counterpart in Hadoop) supports setting an ACL to allow only named users to access the web based UIs of the server processes. In secure mode we should support this as it works hand-in-hand with Kerberos authorization and the UGI class. It seems all we have to do is add a property allowing to set the ACL property as a list of users and/or groups that have access to the UIs if needed. > As an add-on, we could combine this with the {{read-only}} flag, so that some users can only access the UIs with any option to trigger, for example, splits. -- This message was sent by Atlassian JIRA (v6.3.4#6332)