hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <els...@apache.org>
Subject Re: Custom security check
Date Tue, 19 Feb 2019 15:24:21 GMT
Hi Jagan,

Right now, Authorization checks inside of the RegionServer aren't 
well-quantified, but it is possible. One example of software that does 
this today is Apache Ranger.

However, your plan to provide custom client-side data is going to take a 
bit more effort as you'll also need to figure out client-side logic to 
compute and (somehow) send this extra data with every RPC. I would guess 
that this would take some aggressive hacking, but I haven't looked at 
the client-side code with this in mind before.

I think your best course of action is to look at the code yourself and 
come back with more specific questions as to what exists in HBase. 
Perhaps you can start looking at what Ranger does and go from there.

Good luck!

On 2/19/19 3:19 AM, Jagan R wrote:
> Dear All,
> 
> Is there any way we can plug-in custom security checks in HBase?
> 
> We are exploring ways to do security checks at a more finer level where we
> want to control/check if the user can access this data or not. Once we do
> the authorization checks, want to pass an access token to the hbase region
> servers for any request.
> 
> In the region server, we want to check for the validity of the access token
> via a call to the data source (say redis) where the access token is stored.
> 
> So want to pass an additional argument say token for the hbase requests and
> get a handle for validating the token before performing the operation. If
> the token is invalid, should abort the operation and throw error to the
> client.
> 
> Regards,
> Jagan
> 

Mime
View raw message