[
https://issues.apache.org/jira/browse/PHOENIX-4528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16329698#comment-16329698
]
Hudson commented on PHOENIX-4528:
---------------------------------
FAILURE: Integrated in Jenkins build Phoenix-master #1915 (See
[https://builds.apache.org/job/Phoenix-master/1915/])
PHOENIX-4528 PhoenixAccessController checks permissions only at table
(karanmehta93: rev e3faa954952fbe6f9ea5a9e792a5d275d9193a53)
* (edit)
phoenix-core/src/it/java/org/apache/phoenix/end2end/BasePermissionsIT.java
* (edit)
phoenix-core/src/it/java/org/apache/phoenix/end2end/ChangePermissionsIT.java
* (edit)
phoenix-core/src/main/java/org/apache/phoenix/coprocessor/PhoenixAccessController.java
> PhoenixAccessController checks permissions only at table level when creating
> views
> ----------------------------------------------------------------------------------
>
> Key: PHOENIX-4528
> URL: https://issues.apache.org/jira/browse/PHOENIX-4528
> Project: Phoenix
> Issue Type: Bug
> Reporter: Karan Mehta
> Assignee: Karan Mehta
> Priority: Major
> Attachments: PHOENIX-4528.001.patch, PHOENIX-4528.repro-test.diff
>
>
> The {{PhoenixAccessController#preCreateTable()}} method is invoked everytime
> a user wants to create a view on a base table. The {{requireAccess()}} method
> takes in tableName as the parameter and checks for user permissions only at
> that table level. The correct approach is to also check permissions at
> namespace level, since it is at a larger scope than per table level.
> For example, if the table name is {{TEST_SCHEMA.TEST_TABLE}}, it will created
> as {{TEST_SCHEMA:TEST_TABLE}} HBase table is namespace mapping is enabled.
> View creation on this table would fail if permissions are granted to just
> {{TEST_SCHEMA}} and not on {{TEST_TABLE}}. It works correctly if same
> permissions are granted at table level too.
> FYI. [~ankit.singhal] [[email protected]]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
