-
Type:
Bug
-
Status: Resolved
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 3.5.1, 3.5.0
-
Component/s: Security
-
Labels:
-
Release Notes:Fixed an issue that allows impersonation in flows to work correctly, by not re-using HBaseAdmin across different UGI.
-
Rank:1|hzzmrr:
The HBaseAdmin has a connection inside that contains the current UGI at the creation time. Reusing will break impersonation, because now Flow's HBase operations may be using the wrong UGI, which may not have privileges on the appropriate namespace (not should the incorrect user be used to create the HBase tables).