hbase-issues mailing list archives

From "Ruslan Sabitov (Jira)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11043) Users with table's read/write permission can't get table's description
Date Mon, 18 May 2020 13:29:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17110287#comment-17110287 ]

Ruslan Sabitov commented on HBASE-11043:
----------------------------------------

A user without CREATE permission can't get information about a table when running the describe <table>
command in the hbase shell. I think it's excessive to give CREATE permission only for getting
table info. Furthermore, the user can get this information in the HBase web UI.

I see two ways to solve this:

1. Make sensitive table attributes like the data encryption key protected and exclude them if the user
   has no CREATE or ADMIN privileges.
2. Forbid storing sensitive data in attributes and add a warning about that in the documentation.

> Users with table's read/write permission can't get table's description
> ----------------------------------------------------------------------
>
>                 Key: HBASE-11043
>                 URL: https://issues.apache.org/jira/browse/HBASE-11043
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.99.0
>            Reporter: Shaohui Liu
>            Priority: Minor
>         Attachments: HBASE-11043-trunk-v1.diff
>
>
> AccessController#preGetTableDescriptors only allows users with admin or create permission to get table's description.
> {quote}
>         requirePermission("getTableDescriptors", nameAsBytes, null, null,
>           Permission.Action.ADMIN, Permission.Action.CREATE);
> {quote}
> I think users with table's read/write permission should also be able to get table's description.
> E.g., when creating a Hive table on HBase, Hive will get the table description to check if the mapping is right. Usually the Hive users only have the read permission of the table.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
