Karan Mehta created PHOENIX-4529:
------------------------------------
Summary: Users should only require RX access to SYSTEM.SEQUENCE
table
Key: PHOENIX-4529
URL: https://issues.apache.org/jira/browse/PHOENIX-4529
Project: Phoenix
Issue Type: Bug
Reporter: Karan Mehta
Currently, users don't need to have Write access to {{SYSTEM.CATALOG}} and
other tables, since the code is run on the server side as login user. However
for {{SYSTEM.SEQUENCE}}, write permission is still needed. This is a potential
security concern, since it allows anyone to modify the sequences created by
others. This JIRA is to discuss how we can improve the security of this table.
Potential options include
1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and
above)
2. AccessControl at Phoenix Layer by addition of user column in the
{{SYSTEM.SEQUENCE}} table and use it for access control (Can be error-prone for
complex scenarios like sequence sharing)
Please advice.
[~tdsilva] [~jamestaylor] [~apurtell] [~an...@apache.org] [~elserj]
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
