Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
As a sanity check, the Phoenix client verifies that SCN for a query is not before the TTL of any table involved in the query. This causes problems if access control is enabled and the current user doesn't have ADMIN or CREATE privileges, because HBase requires schema-altering privileges to read the full schema in getTableDescriptor.
According to the HBase community, this is because sensitive config parameters can be stored in table descriptor properties, such as those used in HBase encryption. See HBASE-24018, HBASE-8692, and HBASE-9182 for previous discussion, and PHOENIX-5750 for a previous instance where this has affected Phoenix.
Attachments
Issue Links
- links to