[ https://issues.apache.org/jira/browse/PHOENIX-4528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16514147#comment-16514147 ]
Rajeshbabu Chintaguntla commented on PHOENIX-4528: -------------------------------------------------- Committed the v3 patch to 5.x-HBase-2.0. > PhoenixAccessController checks permissions only at table level when creating > views > ---------------------------------------------------------------------------------- > > Key: PHOENIX-4528 > URL: https://issues.apache.org/jira/browse/PHOENIX-4528 > Project: Phoenix > Issue Type: Bug > Reporter: Karan Mehta > Assignee: Karan Mehta > Priority: Major > Fix For: 4.14.0, 5.0.0 > > Attachments: PHOENIX-4528.001.patch, PHOENIX-4528.master.001.patch, > PHOENIX-4528.repro-test.diff, PHOENIX-4528_5.x-HBase-2.0.patch, > PHOENIX-4528_5.x-HBase-2.0_v2.patch, PHOENIX-4528_5.x-HBase-2.0_v3.patch > > > The {{PhoenixAccessController#preCreateTable()}} method is invoked everytime > a user wants to create a view on a base table. The {{requireAccess()}} method > takes in tableName as the parameter and checks for user permissions only at > that table level. The correct approach is to also check permissions at > namespace level, since it is at a larger scope than per table level. > For example, if the table name is {{TEST_SCHEMA.TEST_TABLE}}, it will created > as {{TEST_SCHEMA:TEST_TABLE}} HBase table is namespace mapping is enabled. > View creation on this table would fail if permissions are granted to just > {{TEST_SCHEMA}} and not on {{TEST_TABLE}}. It works correctly if same > permissions are granted at table level too. > FYI. [~ankit.singhal] [~twdsi...@gmail.com] -- This message was sent by Atlassian JIRA (v7.6.3#76005)