  1. Phoenix
  2. PHOENIX-4529

Users should only require RX access to SYSTEM.SEQUENCE table


Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved

    Description

      Currently, users don't need to have Write access to SYSTEM.CATALOG and other tables, since the code is run on the server side as the login user. However, for SYSTEM.SEQUENCE, write permission is still needed. This is a potential security concern, since it allows anyone to modify the sequences created by others. This JIRA is to discuss how we can improve the security of this table.

      Potential options include
      1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and above)
      2. AccessControl at Phoenix Layer by addition of user column in the SYSTEM.SEQUENCE table and use it for access control (Can be error-prone for complex scenarios like sequence sharing)

      Please advise.
      Thomas D'Silva James R. Taylor Andrew Kyle Purtell Ankit Singhal Josh Elser


          People

            Assignee: Unassigned
            Reporter: Karan Mehta (karanmehta93)
