Rajeshbabu Chintaguntla commented on PHOENIX-4528:

FYI [~an...@apache.org] this also need to ported to 5.x branch after 
PHOENIX-4198 fixed in the branch.

> PhoenixAccessController checks permissions only at table level when creating 
> views
> ----------------------------------------------------------------------------------
>                 Key: PHOENIX-4528
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4528
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Karan Mehta
>            Assignee: Karan Mehta
>            Priority: Major
>             Fix For: 4.14.0
>         Attachments: PHOENIX-4528.001.patch, PHOENIX-4528.master.001.patch, 
> PHOENIX-4528.repro-test.diff
> The {{PhoenixAccessController#preCreateTable()}} method is invoked everytime 
> a user wants to create a view on a base table. The {{requireAccess()}} method 
> takes in tableName as the parameter and checks for user permissions only at 
> that table level. The correct approach is to also check permissions at 
> namespace level, since it is at a larger scope than per table level.
> For example, if the table name is {{TEST_SCHEMA.TEST_TABLE}}, it will created 
> as {{TEST_SCHEMA:TEST_TABLE}} HBase table is namespace mapping is enabled. 
> View creation on this table would fail if permissions are granted to just 
> {{TEST_SCHEMA}} and not on {{TEST_TABLE}}. It works correctly if same 
> permissions are granted at table level too.
> FYI. [~ankit.singhal] [~twdsi...@gmail.com]

This message was sent by Atlassian JIRA

Reply via email to