phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Taylor (JIRA)" <>
Subject [jira] [Commented] (PHOENIX-4529) Users should only require RX access to SYSTEM.SEQUENCE table
Date Tue, 06 Feb 2018 03:38:01 GMT


James Taylor commented on PHOENIX-4529:

Tenant specific sequences won’t necessarily be in the same region as the global ones.

> Users should only require RX access to SYSTEM.SEQUENCE table
> ------------------------------------------------------------
>                 Key: PHOENIX-4529
>                 URL:
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Karan Mehta
>            Assignee: Thomas D'Silva
>            Priority: Major
> Currently, users don't need to have Write access to {{SYSTEM.CATALOG}} and other tables,
since the code is run on the server side as login user. However for {{SYSTEM.SEQUENCE}}, write
permission is still needed. This is a potential security concern, since it allows anyone to
modify the sequences created by others. This JIRA is to discuss how we can improve the security
of this table. 
> Potential options include
> 1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and above)
> 2. AccessControl at Phoenix Layer by addition of user column in the {{SYSTEM.SEQUENCE}}
table and use it for access control (Can be error-prone for complex scenarios like sequence
> Please advice.
> [~tdsilva] [~jamestaylor] [~apurtell] [] [~elserj]

This message was sent by Atlassian JIRA

View raw message