[ https://issues.apache.org/jira/browse/PHOENIX-4529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas D'Silva reassigned PHOENIX-4529: --------------------------------------- Assignee: (was: Thomas D'Silva) > Users should only require RX access to SYSTEM.SEQUENCE table > ------------------------------------------------------------ > > Key: PHOENIX-4529 > URL: https://issues.apache.org/jira/browse/PHOENIX-4529 > Project: Phoenix > Issue Type: Bug > Reporter: Karan Mehta > Priority: Major > > Currently, users don't need to have Write access to {{SYSTEM.CATALOG}} and > other tables, since the code is run on the server side as login user. However > for {{SYSTEM.SEQUENCE}}, write permission is still needed. This is a > potential security concern, since it allows anyone to modify the sequences > created by others. This JIRA is to discuss how we can improve the security of > this table. > Potential options include > 1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and > above) > 2. AccessControl at Phoenix Layer by addition of user column in the > {{SYSTEM.SEQUENCE}} table and use it for access control (Can be error-prone > for complex scenarios like sequence sharing) > Please advice. > [~tdsilva] [~jamestaylor] [~apurtell] [~an...@apache.org] [~elserj] -- This message was sent by Atlassian JIRA (v7.6.3#76005)