[
https://issues.apache.org/jira/browse/PHOENIX-3756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15954487#comment-15954487
]
Josh Elser commented on PHOENIX-3756:
-------------------------------------
Thanks for taking a look, James!
bq. is there a possibility that the AccessDeniedException would be further
down the cause chain?
Very possible, I'm sure. Will switch it over to the API you recommended.
> Users lacking ADMIN on 'SYSTEM' HBase namespace can't connect to Phoenix
> ------------------------------------------------------------------------
>
> Key: PHOENIX-3756
> URL: https://issues.apache.org/jira/browse/PHOENIX-3756
> Project: Phoenix
> Issue Type: Bug
> Reporter: Josh Elser
> Assignee: Josh Elser
> Fix For: 4.11.0
>
> Attachments: PHOENIX-3756.001.patch, PHOENIX-3756.002.patch,
> PHOENIX-3756.003.patch, PHOENIX-3756.004.patch
>
>
> Follow-on from PHOENIX-3652:
> The fix provided in PHOENIX-3652 addressed the default situation where users
> would need ADMIN on the default HBase namespace. However, when
> {{phoenix.schema.isNamespaceMappingEnabled=true}} and Phoenix creates its
> system tables in the {{SYSTEM}} HBase namespace, unprivileged users (those
> lacking ADMIN on {{SYSTEM}}) still cannot connect to Phoenix.
> The root-cause is essentially the same: the code tries to fetch the
> {{NamespaceDescriptor}} for the {{SYSTEM}} namespace which requires the ADMIN
> permission.
> https://github.com/apache/phoenix/blob/8093d10f1a481101d6c93fdf0744ff15ec48f4aa/phoenix-core/src/main/java/org/apache/phoenix/query/ConnectionQueryServicesImpl.java#L1017-L1037
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
