Uploaded image for project: 'Phoenix'
  1. Phoenix
  2. PHOENIX-4528

PhoenixAccessController checks permissions only at table level when creating views

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.14.0
    • Labels:
      None

      Description

      The PhoenixAccessController#preCreateTable() method is invoked everytime a user wants to create a view on a base table. The requireAccess() method takes in tableName as the parameter and checks for user permissions only at that table level. The correct approach is to also check permissions at namespace level, since it is at a larger scope than per table level.

      For example, if the table name is TEST_SCHEMA.TEST_TABLE, it will created as TEST_SCHEMA:TEST_TABLE HBase table is namespace mapping is enabled. View creation on this table would fail if permissions are granted to just TEST_SCHEMA and not on TEST_TABLE. It works correctly if same permissions are granted at table level too.

      FYI. Ankit Singhal Thomas D'Silva

        Attachments

        1. PHOENIX-4528_5.x-HBase-2.0.patch
          12 kB
          Rajeshbabu Chintaguntla
        2. PHOENIX-4528.master.001.patch
          14 kB
          Karan Mehta
        3. PHOENIX-4528.001.patch
          14 kB
          Karan Mehta
        4. PHOENIX-4528.repro-test.diff
          2 kB
          Karan Mehta

          Issue Links

            Activity

              People

              • Assignee:
                karanmehta93 Karan Mehta
                Reporter:
                karanmehta93 Karan Mehta
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: