hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-15147) Shell should use Admin.listTableNames() instead of Admin.listTables()
Date Thu, 21 Jan 2016 23:47:39 GMT

    [ https://issues.apache.org/jira/browse/HBASE-15147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15111629#comment-15111629

Hudson commented on HBASE-15147:

FAILURE: Integrated in HBase-1.1-JDK8 #1729 (See [https://builds.apache.org/job/HBase-1.1-JDK8/1729/])
HBASE-15147 Shell should use Admin.listTableNames() instead of (enis: rev 5a3e2abc048a4d9bc60566f9f12f31fdda22702c)
* hbase-shell/src/main/ruby/hbase/admin.rb

> Shell should use Admin.listTableNames() instead of Admin.listTables() 
> ----------------------------------------------------------------------
>                 Key: HBASE-15147
>                 URL: https://issues.apache.org/jira/browse/HBASE-15147
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Enis Soztutar
>            Assignee: Enis Soztutar
>             Fix For: 2.0.0, 1.2.0, 1.3.0, 1.1.4, 1.0.4
>         Attachments: hbase-15147_v1.patch
> It seems that getTableDescriptors() in master checks for A and C permissions while getTableNames()
checks for any privilege on the table. The reasoning is explained here: https://issues.apache.org/jira/browse/HBASE-12564?focusedCommentId=14234504&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14234504

> We should change the shell command for {{list}} to use the getTableNames() version because
of this. Otherwise a user having only R or W cannot list the table name. 
> This has been reported from a user here: https://community.hortonworks.com/questions/10742/why-does-a-user-need-create-permission-for-list-co.html#comment-11000.

> While we are at it, should we revisit the fact that you cannot get a table descriptor
if you have only R or W? It seems strange that you cannot even know the CF names of a table
that you can read from. I could not find info about the "describe" privileges on SQL databases.
However, if there are use cases where Table descriptor might contain sensitive info, the current
semantics seems fine. cc [~apurtell] and [~mbertozzi]. 

This message was sent by Atlassian JIRA

View raw message