hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chia-Ping Tsai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-19093) Check Admin/Table to ensure all operations go via AccessControl
Date Tue, 21 Nov 2017 11:47:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-19093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16260615#comment-16260615
] 

Chia-Ping Tsai commented on HBASE-19093:
----------------------------------------

What I proposed is shown below.
{code}
public @interface SecurableHook {}

public interface MasterObserver {
  @SecurableHook
  default void preDeleteTable(final ObserverContext<MasterCoprocessorEnvironment> ctx,
      TableName tableName) throws IOException {}
}
{code}
The method which should be checked by {{TestAccessControllerMethods}} is what has the {{SecurableHook}}
annotation.

> Check Admin/Table to ensure all operations go via AccessControl
> ---------------------------------------------------------------
>
>                 Key: HBASE-19093
>                 URL: https://issues.apache.org/jira/browse/HBASE-19093
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: stack
>            Assignee: Balazs Meszaros
>            Priority: Blocker
>             Fix For: 2.0.0-beta-1
>
>         Attachments: HBASE-19093.master.001.patch, HBASE-19093.master.002.patch
>
>
> A cursory review of Admin Interface has a bunch of methods as open, with out AccessControl
checks. For example, procedure executor has not check on it.
> This issue is about given the Admin and Table Interfaces a once-over to see what is missing
and to fill in access control where missing.
> This is a follow-on from work over in HBASE-19048



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message