phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PHOENIX-4528) PhoenixAccessController checks permissions only at table level when creating views
Date Sun, 14 Jan 2018 01:16:00 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-4528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16325409#comment-16325409
] 

ASF GitHub Bot commented on PHOENIX-4528:
-----------------------------------------

GitHub user karanmehta93 opened a pull request:

    https://github.com/apache/phoenix/pull/289

    PHOENIX-4528 PhoenixAccessController checks permissions only at table…

    … level when creating views
    
    @ankitsinghal @twdsilva Please review.
    
    @ankitsinghal Please suggest new tests that can be added to verify this patch. The test
that I added only verifies that create views would succeed. The change that I have made is
generic, however it will be good to add tests that cover scenarios that include creation or
dropping of index tables.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/karanmehta93/phoenix PHOENX-4528

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/phoenix/pull/289.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #289
    
----
commit 9490469b1f4977e1cca63558caad9472d6f2b2a8
Author: Karan Mehta <karanmehta93@...>
Date:   2018-01-14T01:10:31Z

    PHOENIX-4528 PhoenixAccessController checks permissions only at table level when creating
views

----


> PhoenixAccessController checks permissions only at table level when creating views
> ----------------------------------------------------------------------------------
>
>                 Key: PHOENIX-4528
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4528
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Karan Mehta
>         Attachments: PHOENIX-4528.repro-test.diff
>
>
> The {{PhoenixAccessController#preCreateTable()}} method is invoked everytime a user wants
to create a view on a base table. The {{requireAccess()}} method takes in tableName as the
parameter and checks for user permissions only at that table level. The correct approach is
to also check permissions at namespace level, since it is at a larger scope than per table
level.
> For example, if the table name is {{TEST_SCHEMA.TEST_TABLE}}, it will created as {{TEST_SCHEMA:TEST_TABLE}}
HBase table is namespace mapping is enabled. View creation on this table would fail if permissions
are granted to just {{TEST_SCHEMA}} and not on {{TEST_TABLE}}. It works correctly if same
permissions are granted at table level too.
> FYI. [~ankit.singhal] [~twdsilva@gmail.com]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message