Karan Mehta created PHOENIX-4430:
------------------------------------
Summary: Restrict the read of table metadata from SYSTEM CATALOG
based on user permissions
Key: PHOENIX-4430
URL: https://issues.apache.org/jira/browse/PHOENIX-4430
Project: Phoenix
Issue Type: Improvement
Reporter: Karan Mehta
PHOENIX-4198 removes the need for users to have write access to SYSTEM.CATALOG
table, by impersonating as login user on the server side. Users now require
just READ and EXEC access on the table.
Users can still, however, run {{SELECT * FROM SYSTEM.CATALOG}} and read other
table's metadata. Some applications might require greater level of security and
want to restrict meta-data read as well.
This JIRA is to discuss potential solutions for this problem. If we restrict a
table's metadata, then we have to restrict the metadata for index and views as
well.
HBase allows users to set row-level permissions as well. Although we don't
expose it via SQL API in PHOENIX-672, we can use it internally to grant/revoke
permissions on specific metadata rows. The grant/revoke commands will also have
to change the permissions on SYSCAT rows appropriately. Challenges and corner
cases will come in cases of tenant specific views, which can be generated on
the fly and the row key starts with TenantID followed by table name.
Other ideas / suggestions welcome.
[[email protected]] [[email protected]] [~jamestaylor] [~apurtell]
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
