hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Liu Shaohui (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11043) Users with table's read/write permission can't get table's description
Date Wed, 23 Apr 2014 07:51:17 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13977951#comment-13977951
] 

Liu Shaohui commented on HBASE-11043:
-------------------------------------

[~jdcryans] [~apurtell]
I agree that hbase should restrict HTableDescriptor enumeration with HBASE-8692.

But My question is that why to restrict users with table's read/write permission to get the
table' description? 

Usually, a user with table's read/write permission need to known somethings about the table'
description.
For example,  hive on hbase need to get the table description to check if the mapping is right,
and usaully the hive user only have table read'permission.

see: HBaseStorageHandler.java http://grepcode.com/file/repository.cloudera.com/content/repositories/releases/org.apache.hadoop.hive/hive-hbase-handler/0.7.1-cdh3u3b/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java?av=h#184


> Users with table's read/write permission can't get table's description
> ----------------------------------------------------------------------
>
>                 Key: HBASE-11043
>                 URL: https://issues.apache.org/jira/browse/HBASE-11043
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.99.0
>            Reporter: Liu Shaohui
>            Priority: Minor
>         Attachments: HBASE-11043-trunk-v1.diff
>
>
> AccessController#preGetTableDescriptors only allow users with admin or create permission
to get table's description.
> {quote}
>         requirePermission("getTableDescriptors", nameAsBytes, null, null,
>           Permission.Action.ADMIN, Permission.Action.CREATE);
> {quote}
> I think Users with table's read/write permission should also be able to get table's description.

> Eg: when create a hive table on HBase,  hive will get the table description to check
if the mapping is right. Usually the hive users only have the read permission of table.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message