phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas D'Silva (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PHOENIX-4529) Users should only require RX access to SYSTEM.SEQUENCE table
Date Mon, 05 Feb 2018 19:26:00 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-4529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16352809#comment-16352809
] 

Thomas D'Silva commented on PHOENIX-4529:
-----------------------------------------

[~jamestaylor]
SYSTEM.SEQUENCE is currently allowed to split so sequences from a single schema might span
multiple regions. If two different clients grant or revoke permissions on a schema at the
same time, they could overwrite the cell acls of sequence rows they are modifying. One way
to handle this would be to do a checkAndPut on a cell in the corresponding schema metadata
row in SYSTEM.CATALOG. If the cell already exists an exception is thrown (since it means another
client is currently modifying the cell acls of the sequence rows) and the client has to retry.
Once a client is done changing cell level acls of the sequence rows, the cell in the schema
metadata row in SYSTEM.CATALOG is deleted. 

> Users should only require RX access to SYSTEM.SEQUENCE table
> ------------------------------------------------------------
>
>                 Key: PHOENIX-4529
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4529
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Karan Mehta
>            Assignee: Thomas D'Silva
>            Priority: Major
>
> Currently, users don't need to have Write access to {{SYSTEM.CATALOG}} and other tables,
since the code is run on the server side as login user. However for {{SYSTEM.SEQUENCE}}, write
permission is still needed. This is a potential security concern, since it allows anyone to
modify the sequences created by others. This JIRA is to discuss how we can improve the security
of this table. 
> Potential options include
> 1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and above)
> 2. AccessControl at Phoenix Layer by addition of user column in the {{SYSTEM.SEQUENCE}}
table and use it for access control (Can be error-prone for complex scenarios like sequence
sharing)
> Please advice.
> [~tdsilva] [~jamestaylor] [~apurtell] [~ankit@apache.org] [~elserj]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message