Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
Currently, users don't need to have Write access to SYSTEM.CATALOG and other tables, since the code is run on the server side as login user. However for SYSTEM.SEQUENCE, write permission is still needed. This is a potential security concern, since it allows anyone to modify the sequences created by others. This JIRA is to discuss how we can improve the security of this table.
Potential options include
1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and above)
2. AccessControl at Phoenix Layer by addition of user column in the SYSTEM.SEQUENCE table and use it for access control (Can be error-prone for complex scenarios like sequence sharing)
Please advice.
tdsilva jamestaylor apurtell ankit@apache.org elserj
Attachments
Issue Links
- depends upon
-
HBASE-19842 Cell ACLs v2
- Open