[ 
https://issues.apache.org/jira/browse/PHOENIX-4529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16353292#comment-16353292
 ] 

Thomas D'Silva commented on PHOENIX-4529:
-----------------------------------------

[~jamestaylor] 
If we have tenant specific sequences will they be in the same region as the 
global sequences of the same schema using our previous  implementation of 
MetaDataSplitPolicy? It wasn't clear looking at the code. If so I think we can 
use this policy and rely on locking these rows.
[~karanmehta93]
Good point, we will have to handle the initial creation of sequences for users 
that don't have write access at the table or namespace/schema scope. We could 
handle this on the server side similar to how its currently handled for 
SYSTEM.CATALOG in MetadataEndpointImpl using User.runAsLoginUser.
[~apurtell]
Instead of using cell-level acls, we could implement our own AccessController 
that wraps the {{checkCoveringPermission()}} and {{internalPreRead()}} methods 
of AccessController. For SYSTEM.SEQUENCE we could validate that the user has 
access by extracting the schema name of  the sequence from the rowkey. 
We wouldn't have to re-write cell acls whenever a permission is granted or 
revoked to a user. 


> Users should only require RX access to SYSTEM.SEQUENCE table
> ------------------------------------------------------------
>
>                 Key: PHOENIX-4529
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4529
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Karan Mehta
>            Assignee: Thomas D'Silva
>            Priority: Major
>
> Currently, users don't need to have Write access to {{SYSTEM.CATALOG}} and 
> other tables, since the code is run on the server side as login user. However 
> for {{SYSTEM.SEQUENCE}}, write permission is still needed. This is a 
> potential security concern, since it allows anyone to modify the sequences 
> created by others. This JIRA is to discuss how we can improve the security of 
> this table. 
> Potential options include
> 1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and 
> above)
> 2. AccessControl at Phoenix Layer by addition of user column in the 
> {{SYSTEM.SEQUENCE}} table and use it for access control (Can be error-prone 
> for complex scenarios like sequence sharing)
> Please advice.
> [~tdsilva] [~jamestaylor] [~apurtell] [~an...@apache.org] [~elserj]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to