hbase-issues mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-15147) Shell should use Admin.listTableNames() instead of Admin.listTables()
Date Fri, 22 Jan 2016 22:29:39 GMT

    [ https://issues.apache.org/jira/browse/HBASE-15147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15113243#comment-15113243 ]

Andrew Purtell commented on HBASE-15147:

bq. Then we can do the stripping of information in HTD/HCD depending on perms in a follow
up jira if needed. 

Earlier thinking was whitelisting of information in descriptors would be a burden to maintain
so only principals with C or A perms should be allowed to see descriptors. Seeing table names
is fine for any perms (as well as region names, etc., since anyone must be able to read META
to accomplish anything). 

> Shell should use Admin.listTableNames() instead of Admin.listTables() 
> ----------------------------------------------------------------------
>                 Key: HBASE-15147
>                 URL: https://issues.apache.org/jira/browse/HBASE-15147
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Enis Soztutar
>            Assignee: Enis Soztutar
>             Fix For: 2.0.0, 1.2.0, 1.3.0, 1.1.4, 1.0.4
>         Attachments: hbase-15147_v1.patch
> It seems that getTableDescriptors() in master checks for A and C permissions while getTableNames() checks for any privilege on the table. The reasoning is explained here: https://issues.apache.org/jira/browse/HBASE-12564?focusedCommentId=14234504&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14234504

> We should change the shell command for {{list}} to use the getTableNames() version because of this. Otherwise a user having only R or W cannot list the table name.
> This has been reported from a user here: https://community.hortonworks.com/questions/10742/why-does-a-user-need-create-permission-for-list-co.html#comment-11000.

> While we are at it, should we revisit the fact that you cannot get a table descriptor if you have only R or W? It seems strange that you cannot even know the CF names of a table that you can read from. I could not find info about the "describe" privileges on SQL databases. However, if there are use cases where Table descriptor might contain sensitive info, the current semantics seems fine. cc [~apurtell] and [~mbertozzi].
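
Added example, not part of the original message or of the HBase code base: a small client-side check, run with the credentials of the principal under test, that reports which tables are visible by name and for which of them the master also returns a descriptor. It assumes the HBase 1.x client API (`Admin.listTableNames()`, `Admin.getTableDescriptor(TableName)`) and an `hbase-site.xml` on the classpath; the class name `DescriptorVisibilityCheck` is hypothetical.

```java
import java.io.IOException;

import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;

// Hypothetical helper class for verifying ACL behaviour on a test cluster.
public class DescriptorVisibilityCheck {
    public static void main(String[] args) throws IOException {
        // Assumption: cluster settings and the caller's credentials come from
        // hbase-site.xml and the current login context.
        try (Connection conn = ConnectionFactory.createConnection(HBaseConfiguration.create());
             Admin admin = conn.getAdmin()) {

            // Name listing: per the issue text, any privilege on a table is enough.
            TableName[] names = admin.listTableNames();
            System.out.printf("%d table name(s) visible to this principal%n", names.length);

            int withDescriptor = 0;
            for (TableName tn : names) {
                try {
                    // Descriptor fetch: per the issue text, the master checks A or C here.
                    HTableDescriptor htd = admin.getTableDescriptor(tn);
                    withDescriptor++;
                    // Print only a count, so the check itself does not copy schema
                    // details into logs.
                    System.out.printf("%s: descriptor returned (%d column families)%n",
                            tn.getNameAsString(), htd.getColumnFamilies().length);
                } catch (IOException e) {
                    // Includes access-denied responses; the exception class is
                    // printed so other failures are not mistaken for an ACL result.
                    System.out.printf("%s: name visible, descriptor not returned (%s)%n",
                            tn.getNameAsString(), e.getClass().getSimpleName());
                }
            }
            System.out.printf("descriptors returned for %d of %d table(s)%n",
                    withDescriptor, names.length);
        }
    }
}
```

Running it as a principal holding only R or W on a table shows whether the cluster exposes just the name or the full descriptor to that principal.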
