[HBASE-5352] ACL improvements - ASF JIRA

Log work

Agile Board

Rank to Top

Rank to Bottom

Attach files

Attach Screenshot

Bulk Copy Attachments

Bulk Move Attachments

Voters

Watch issue

Watchers

Create sub-task

Move

Link

Clone

Labels

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.92.1, 0.94.0
Fix Version/s: None
Component/s: security
Labels:
None

Description

In this issue I would like to open discussion for a few minor ACL related improvements. The proposed changes are as follows:

1. Introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for ~~HCATALOG-245~~, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.
2. getUserPermissions(tableName)/grant/revoke and drop/modify table operations should not check for global CREATE/ADMIN rights, but table CREATE/ADMIN rights. The reasoning is that if a user is able to admin or read from a table, she should be able to read the table's permissions. We can choose whether we want only READ or ADMIN permissions for getUserPermission(). Since we check for global permissions first for table permissions, configuring table access using global permissions will continue to work.
3. Grant/Revoke global permissions - ~~HBASE-5342~~ (included for completeness)

From all 3, we may want to backport the first one to 0.92 since without it, Hive/Hcatalog cannot use Hbase's authorization mechanism effectively.

I will create subissues and convert ~~HBASE-5342~~ to a subtask when we get some feedback, and opinions for going further.

Attachments

Issue Links

Add Link

is part of

HBASE-6098 ACL design changes

Closed

Delete this link

HBASE-6101 Ensure Observers cover all relevant RPC and lifecycle code paths

Closed

Delete this link

HBASE-6096 AccessController v2

Closed

Delete this link

Sub-Tasks

Create Sub-Task

1.	Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API	Closed	Enis Soztutar	Actions
2.	Table mutation operations should check table level rights, not global rights	Closed	Laxman	Actions
3.	Grant/Revoke global permissions	Closed	Matteo Bertozzi	Actions
4.	Delete table/column should delete stored permissions on -acl- table	Closed	Matteo Bertozzi	Actions
5.	Fix ACL "Admin" Table inconsistent permission check	Closed	Matteo Bertozzi	Actions
6.	preCheckAndPut/Delete() checks for READ when also a WRITE is performed	Closed	Matteo Bertozzi	Actions
7.	Admin operations on a table should be authorized against table permissions instead of global permissions.	Closed	Unassigned	Actions
8.	Authorize flush, split, compact operations in AccessController	Closed	Laxman	Actions
9.	ACL Corrections for AccessControllerProtocol apis	Closed	Laxman	Actions
10.	Grant on META not taking effect	Closed	Laxman	Actions
11.	Apply ACLs to new bulk load hooks	Closed	Unassigned	Actions
12.	TABLE ADMIN should be allowed to relocate regions	Closed	Laxman	Actions
13.	Avoid unnecessary flush & compact on Meta in admin.rb.	Closed	Laxman	Actions
14.	Compact can skip the security access control	Closed	ShiXing	Actions
15.	Do not allow user to disable or drop ACL table	Closed	Gopinathan A	Actions

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Unassigned Assign to me

Reporter:: Enis Soztutar

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Dates

Created:: 08/Feb/12 01:43

Updated:: 12/Jun/22 20:18

Resolved:: 29/Apr/14 21:12

Agile

View on Board

ACL improvements

Details

Description

Attachments

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates

Agile

Slack

Issue deployment