phoenix-dev mailing list archives

From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PHOENIX-4528) PhoenixAccessController checks permissions only at table level when creating views
Date Wed, 17 Jan 2018 23:40:01 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-4528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16329698#comment-16329698 ]

Hudson commented on PHOENIX-4528:
---------------------------------

FAILURE: Integrated in Jenkins build Phoenix-master #1915 (See [https://builds.apache.org/job/Phoenix-master/1915/])
PHOENIX-4528 PhoenixAccessController checks permissions only at table (karanmehta93: rev e3faa954952fbe6f9ea5a9e792a5d275d9193a53)
* (edit) phoenix-core/src/it/java/org/apache/phoenix/end2end/BasePermissionsIT.java
* (edit) phoenix-core/src/it/java/org/apache/phoenix/end2end/ChangePermissionsIT.java
* (edit) phoenix-core/src/main/java/org/apache/phoenix/coprocessor/PhoenixAccessController.java


> PhoenixAccessController checks permissions only at table level when creating views
> ----------------------------------------------------------------------------------
>
>                 Key: PHOENIX-4528
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4528
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Karan Mehta
>            Assignee: Karan Mehta
>            Priority: Major
>         Attachments: PHOENIX-4528.001.patch, PHOENIX-4528.repro-test.diff
>
>
> The {{PhoenixAccessController#preCreateTable()}} method is invoked every time a user wants to create a view on a base table. The {{requireAccess()}} method takes in tableName as the parameter and checks for user permissions only at that table level. The correct approach is to also check permissions at namespace level, since it is at a larger scope than per table level.
> For example, if the table name is {{TEST_SCHEMA.TEST_TABLE}}, it will be created as the {{TEST_SCHEMA:TEST_TABLE}} HBase table if namespace mapping is enabled. View creation on this table would fail if permissions are granted to just {{TEST_SCHEMA}} and not on {{TEST_TABLE}}. It works correctly if the same permissions are granted at table level too.
> FYI. [~ankit.singhal] [~twdsilva@gmail.com]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
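
The scope problem described in the issue, modelled as an added example that is not part of the original message and is not the PHOENIX-4528 patch. The class, the method names and the grant store are hypothetical and use no HBase or Phoenix API; the action checked (READ) is an assumption, since the message does not say which permission view creation requires.

```java
import java.util.*;

// Simplified model of scoped grants; hypothetical names, not the HBase or Phoenix API.
public class ScopedAccessCheck {
    enum Action { READ, WRITE, EXEC, CREATE, ADMIN }

    // Grants keyed by "user@scope"; scope is "NS" for a namespace or "NS:TABLE" for a table.
    private final Map<String, EnumSet<Action>> grants = new HashMap<>();

    void grant(String user, String scope, Action... actions) {
        grants.computeIfAbsent(user + "@" + scope, k -> EnumSet.noneOf(Action.class))
              .addAll(Arrays.asList(actions));
    }

    private boolean has(String user, String scope, Action a) {
        return grants.getOrDefault(user + "@" + scope, EnumSet.noneOf(Action.class)).contains(a);
    }

    // Behaviour described in the report: only the table-level grant is consulted.
    boolean tableOnly(String user, String hbaseTable, Action a) {
        return has(user, hbaseTable, a);
    }

    // Behaviour the report asks for: a namespace-level grant also satisfies the check.
    boolean tableOrNamespace(String user, String hbaseTable, Action a) {
        int sep = hbaseTable.indexOf(':');
        // Tables without a namespace prefix live in HBase's "default" namespace.
        String ns = sep < 0 ? "default" : hbaseTable.substring(0, sep);
        return has(user, hbaseTable, a) || has(user, ns, a);
    }

    public static void main(String[] args) {
        ScopedAccessCheck acl = new ScopedAccessCheck();
        // Constructed sample: user1 holds READ (assumed action) on the namespace only.
        acl.grant("user1", "TEST_SCHEMA", Action.READ);
        String table = "TEST_SCHEMA:TEST_TABLE";
        System.out.println("table-only check:   " + acl.tableOnly("user1", table, Action.READ));
        System.out.println("table-or-namespace: " + acl.tableOrNamespace("user1", table, Action.READ));
        // A user with no grant at either scope must still be denied.
        System.out.println("ungranted user:     " + acl.tableOrNamespace("user2", table, Action.READ));
        // A namespace grant must not carry over to a table in another namespace.
        System.out.println("other namespace:    "
                + acl.tableOrNamespace("user1", "OTHER:TEST_TABLE", Action.READ));
    }
}
```

The last two calls are the regression cases worth keeping in a permissions test: widening the check to the namespace must not admit users without any grant or grants from an unrelated namespace.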
