Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support secure access to the index tables #43

Open
jyothi-mandava opened this issue Apr 9, 2014 · 2 comments
Open

Support secure access to the index tables #43

jyothi-mandava opened this issue Apr 9, 2014 · 2 comments
Labels
enhancement

Comments

@jyothi-mandava
Copy link
Contributor

Secure check is bypassed while accessing the indexing tables currently. Basic implementation can be granting the same ACL as usertable. Need to work on the best solution by considering per cell ACL in HBase >= 0.98 versions
@anoopsjohn
Copy link

Thinking more on this..

bq.Basic implementation can be granting the same ACL as usertable
Yes but with per cell it becomes more and more complicated. There can be a multi column index with columns over diff CFs itself. Well these CFs can have diff user ACLs or even cells.

So what I am thinking now is creating a new CP impl for handling the AccessControl for the Index table.
The new CP can be registered at table level , with highest priority for the Index table.
This CP can be added only when the AC is ON for the user table. (AccessController CP is installed for the table)

The AC check on the user table is happened in pre hooks already. Then comes read/write to index regions. We will allow the read/write to index table only from IndexRegionObserver. So in the new CP impl, check whether this call comes from the IndexRegionObserver (Well we can make use of ThreadLocal (?)) If the call is not from IndexRegionObserver just AccessDeny the op. If it comes from, allow it and do a bypass call. This will bypass AC CP. This way we can avoid the patching done in AC code.

@jyothi-mandava
Copy link
Contributor Author

bq.Yes but with per cell it becomes more and more complicated. There can be a multi column index with columns over diff CFs itself. Well these CFs can have diff user ACLs or even cells
Yes index table ACL shouldn't depend on user table CF/cell ACLs. We should be able to find the complete index info from index table for the input and actual filtering based on CF/cell ACL has to happen on user table while forming the result.

Idea of by passing the check if the call is from IndexRegionObserver sounds great. This will be fine for handling the all operations like write/read etc on index table.
Coming to MasterObserverImpl, for DDL operations which can happen directly on Index tables like dynamic addition/deletion of indexes ( any operation which does not come through user table), we can allow only admin user ( or allowed users with Access Control for index table) to perform. This will restrict any other user from performing DDL operations on the index table directly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anoopsjohn @jyothi-mandava