phoenix-dev mailing list archives

From "Karan Mehta (JIRA)" <j...@apache.org>
Subject [jira] [Created] (PHOENIX-4529) Users should only require RX access to SYSTEM.SEQUENCE table
Date Thu, 11 Jan 2018 23:40:02 GMT
Karan Mehta created PHOENIX-4529:
------------------------------------

             Summary: Users should only require RX access to SYSTEM.SEQUENCE table
                 Key: PHOENIX-4529
                 URL: https://issues.apache.org/jira/browse/PHOENIX-4529
             Project: Phoenix
          Issue Type: Bug
            Reporter: Karan Mehta


Currently, users don't need to have Write access to {{SYSTEM.CATALOG}} and other tables, since
the code is run on the server side as the login user. However, for {{SYSTEM.SEQUENCE}}, write permission
is still needed. This is a potential security concern, since it allows anyone to modify the
sequences created by others. This JIRA is to discuss how we can improve the security of this
table.

Potential options include
1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and above)
2. AccessControl at Phoenix Layer by addition of user column in the {{SYSTEM.SEQUENCE}} table
and use it for access control (Can be error-prone for complex scenarios like sequence sharing)

Please advise.
[~tdsilva] [~jamestaylor] [~apurtell] [~ankit@apache.org] [~elserj]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
