phoenix-dev mailing list archives

From Chinmay Kulkarni <chinmayskulka...@gmail.com>
Subject Why do we need exec permissions in PhoenixAccessController#preGetTable?
Date Wed, 17 Jul 2019 00:31:12 GMT

Why do we need EXEC permissions in PhoenixAccessController#preGetTable?
Aren't READ permissions sufficient here? Now every time that a client calls
MetaDataEndPointImpl#getTable, they will need EXEC permissions on the
table, though they may just want to read from or upsert to the table,
rather than execute any co-processors on the table.
This was introduced as part of changes for PHOENIX-4661
<https://issues.apache.org/jira/browse/PHOENIX-4661>, where we removed
ADMIN permission requirements and added these instead.
I ran into this at $dayjob wherein we had to grant EXEC permissions to a
user just so they could query a table. This doesn't seem right, since
granting EXEC permissions to them could potentially allow them to invoke
any co-processors loaded on that table.

Any ideas about the reasoning behind this? Or is this a potential bug?

-- 
Chinmay Kulkarni
