phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas D'Silva (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PHOENIX-4529) Users should only require RX access to SYSTEM.SEQUENCE table
Date Tue, 06 Feb 2018 03:18:00 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-4529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16353292#comment-16353292
] 

Thomas D'Silva commented on PHOENIX-4529:
-----------------------------------------

[~jamestaylor] 
If we have tenant specific sequences will they be in the same region as the global sequences
of the same schema using our previous  implementation of MetaDataSplitPolicy? It wasn't clear
looking at the code. If so I think we can use this policy and rely on locking these rows.
[~karanmehta93]
Good point, we will have to handle the initial creation of sequences for users that don't
have write access at the table or namespace/schema scope. We could handle this on the server
side similar to how its currently handled for SYSTEM.CATALOG in MetadataEndpointImpl using
User.runAsLoginUser.
[~apurtell]
Instead of using cell-level acls, we could implement our own AccessController that wraps the
{{checkCoveringPermission()}} and {{internalPreRead()}} methods of AccessController. For SYSTEM.SEQUENCE
we could validate that the user has access by extracting the schema name of  the sequence
from the rowkey. 
We wouldn't have to re-write cell acls whenever a permission is granted or revoked to a user.



> Users should only require RX access to SYSTEM.SEQUENCE table
> ------------------------------------------------------------
>
>                 Key: PHOENIX-4529
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4529
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Karan Mehta
>            Assignee: Thomas D'Silva
>            Priority: Major
>
> Currently, users don't need to have Write access to {{SYSTEM.CATALOG}} and other tables,
since the code is run on the server side as login user. However for {{SYSTEM.SEQUENCE}}, write
permission is still needed. This is a potential security concern, since it allows anyone to
modify the sequences created by others. This JIRA is to discuss how we can improve the security
of this table. 
> Potential options include
> 1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and above)
> 2. AccessControl at Phoenix Layer by addition of user column in the {{SYSTEM.SEQUENCE}}
table and use it for access control (Can be error-prone for complex scenarios like sequence
sharing)
> Please advice.
> [~tdsilva] [~jamestaylor] [~apurtell] [~ankit@apache.org] [~elserj]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message