[jira] [Commented] (PHOENIX-4528) PhoenixAccessController checks permissions only at table level when creating views

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/PHOENIX-4528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16325409#comment-16325409
 ] 

ASF GitHub Bot commented on PHOENIX-4528:
-----------------------------------------

GitHub user karanmehta93 opened a pull request:

    https://github.com/apache/phoenix/pull/289

    PHOENIX-4528 PhoenixAccessController checks permissions only at table…

    … level when creating views
    
    @ankitsinghal @twdsilva Please review.
    
    @ankitsinghal Please suggest new tests that can be added to verify this 
patch. The test that I added only verifies that create views would succeed. The 
change that I have made is generic, however it will be good to add tests that 
cover scenarios that include creation or dropping of index tables.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/karanmehta93/phoenix PHOENX-4528

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/phoenix/pull/289.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #289
    
----
commit 9490469b1f4977e1cca63558caad9472d6f2b2a8
Author: Karan Mehta <karanmehta93@...>
Date:   2018-01-14T01:10:31Z

    PHOENIX-4528 PhoenixAccessController checks permissions only at table level 
when creating views

----


> PhoenixAccessController checks permissions only at table level when creating 
> views
> ----------------------------------------------------------------------------------
>
>                 Key: PHOENIX-4528
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4528
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Karan Mehta
>         Attachments: PHOENIX-4528.repro-test.diff
>
>
> The {{PhoenixAccessController#preCreateTable()}} method is invoked everytime 
> a user wants to create a view on a base table. The {{requireAccess()}} method 
> takes in tableName as the parameter and checks for user permissions only at 
> that table level. The correct approach is to also check permissions at 
> namespace level, since it is at a larger scope than per table level.
> For example, if the table name is {{TEST_SCHEMA.TEST_TABLE}}, it will created 
> as {{TEST_SCHEMA:TEST_TABLE}} HBase table is namespace mapping is enabled. 
> View creation on this table would fail if permissions are granted to just 
> {{TEST_SCHEMA}} and not on {{TEST_TABLE}}. It works correctly if same 
> permissions are granted at table level too.
> FYI. [~ankit.singhal] [~twdsi...@gmail.com]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)