phoenix-dev mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (PHOENIX-4529) Users should only require RX access to SYSTEM.SEQUENCE table
Date Tue, 23 Jan 2018 00:34:00 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-4529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16335206#comment-16335206 ]

Andrew Purtell edited comment on PHOENIX-4529 at 1/23/18 12:33 AM:
-------------------------------------------------------------------

Cell level ACLs have limitations you should be aware of. The most significant is they cannot
override ACLs which grant permissions at a coarser granularity, like cf or table or namespace.
(This is generally true of ACLs, btw: if namespace grants, but table ACL does not, namespace
grant is where we stop and grant access anyway.) The next is the only way to change a cell
ACL is to rewrite the cell with a new ACL. Say you have a table with a million entries. If
you set a CF level or coarser ACL, this is managed in the ACL table and one REVOKE will do
what you expect. If you have a million entries with per cell ACLs and you want to revoke,
you'll have to rewrite a million entries. 

Edit: This could be more efficient after HBASE-19842 


was (Author: apurtell):
Cell level ACLs have limitations you should be aware of. The most significant is they cannot
override ACLs which grant permissions at a coarser granularity, like cf or table or namespace.
(This is generally true of ACLs, btw: if namespace grants, but table ACL does not, namespace
grant is where we stop and grant access anyway.) The next is the only way to change a cell
ACL is to rewrite the cell with a new ACL. Say you have a table with a million entries. If
you set a CF level or coarser ACL, this is managed in the ACL table and one REVOKE will do
what you expect. If you have a million entries with per cell ACLs and you want to revoke,
you'll have to rewrite a million entries. 

> Users should only require RX access to SYSTEM.SEQUENCE table
> ------------------------------------------------------------
>
>                 Key: PHOENIX-4529
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4529
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Karan Mehta
>            Assignee: Thomas D'Silva
>            Priority: Major
>
> Currently, users don't need to have Write access to {{SYSTEM.CATALOG}} and other tables, since the code is run on the server side as login user. However for {{SYSTEM.SEQUENCE}}, write permission is still needed. This is a potential security concern, since it allows anyone to modify the sequences created by others. This JIRA is to discuss how we can improve the security of this table.
> Potential options include
> 1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and above)
> 2. AccessControl at Phoenix Layer by addition of user column in the {{SYSTEM.SEQUENCE}} table and use it for access control (Can be error-prone for complex scenarios like sequence sharing)
> Please advise.
> [~tdsilva] [~jamestaylor] [~apurtell] [~ankit@apache.org] [~elserj]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
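
A simplified model of the two limitations described in the comment above, added here as an illustration and not taken from HBase or Phoenix: a coarser grant is honoured before any cell ACL is consulted, and a cell-level revoke costs one rewrite per cell. The `Store` class, the user names and the row keys are constructed for the example.

```python
# Simplified model of the ACL evaluation order described in the comment.
# Constructed sample data; this is not HBase's AccessController code.
from dataclasses import dataclass, field

SCOPES = ("namespace", "table", "cf")  # coarse to fine, as listed in the comment

@dataclass
class Store:
    acl_table: dict = field(default_factory=dict)  # (scope, user) -> actions
    cells: dict = field(default_factory=dict)      # row -> {user: actions}

    def grant(self, scope, user, actions):
        self.acl_table.setdefault((scope, user), set()).update(actions)

    def revoke(self, scope, user):
        # Coarse revoke: a single mutation in the ACL table.
        return 1 if self.acl_table.pop((scope, user), None) is not None else 0

    def put_cell(self, row, cell_acl):
        self.cells[row] = {u: set(a) for u, a in cell_acl.items()}

    def revoke_cell_acls(self, user):
        # Cell-level revoke: every cell carrying the user's ACL is rewritten.
        rewritten = 0
        for row, acl in self.cells.items():
            if user in acl:
                self.cells[row] = {u: a for u, a in acl.items() if u != user}
                rewritten += 1
        return rewritten

    def authorize(self, user, action, row):
        # Returns the level that granted access, or None when denied.
        for scope in SCOPES:
            if action in self.acl_table.get((scope, user), ()):
                return scope  # coarser grant wins; the cell ACL is never read
        if action in self.cells.get(row, {}).get(user, ()):
            return "cell"
        return None

def demo(n_rows=1000):
    s = Store()
    for i in range(n_rows):                       # sequences owned by alice
        s.put_cell(f"seq{i}", {"alice": "RW"})
    s.grant("table", "bob", "RW")                 # table-level grant for bob
    overridden = s.authorize("bob", "W", "seq0")  # cell ACL names only alice
    coarse_cost = s.revoke("table", "bob")        # one REVOKE
    after = s.authorize("bob", "W", "seq0")
    cell_cost = s.revoke_cell_acls("alice")       # one rewrite per cell
    return overridden, coarse_cost, after, cell_cost
```
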
