Enis Soztutar created HBASE-15147:
-------------------------------------
Summary: Shell should use Admin.listTableNames() instead of
Admin.listTables()
Key: HBASE-15147
URL: https://issues.apache.org/jira/browse/HBASE-15147
Project: HBase
Issue Type: Bug
Reporter: Enis Soztutar
Assignee: Enis Soztutar
Fix For: 2.0.0, 1.2.0, 1.3.0, 1.1.4
It seems that getTableDescriptors() in master checks for A and C permissions
while getTableNames() checks for any privilege on the table. The reasoning is
explained here:
https://issues.apache.org/jira/browse/HBASE-12564?focusedCommentId=14234504&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14234504
We should change the shell command for {{list}} to use the getTableNames()
version because of this. Otherwise a user having only R or W cannot list the
table name.
This has been reported from a user here:
https://community.hortonworks.com/questions/10742/why-does-a-user-need-create-permission-for-list-co.html#comment-11000.
While we are at it, should we revisit the fact that you cannot get a table
descriptor if you have only R or W? It seems strange that you cannot even know
the CF names of a table that you can read from. I could not find info about the
"describe" privileges on SQL databases. However, if there are use cases where
Table descriptor might contain sensitive info, the current semantics seems
fine. cc [~apurtell] and [~mbertozzi].
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
