Thomas D'Silva reassigned PHOENIX-4529:

    Assignee:     (was: Thomas D'Silva)

> Users should only require RX access to SYSTEM.SEQUENCE table
> ------------------------------------------------------------
>                 Key: PHOENIX-4529
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4529
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Karan Mehta
>            Priority: Major
> Currently, users don't need to have Write access to {{SYSTEM.CATALOG}} and 
> other tables, since the code is run on the server side as login user. However 
> for {{SYSTEM.SEQUENCE}}, write permission is still needed. This is a 
> potential security concern, since it allows anyone to modify the sequences 
> created by others. This JIRA is to discuss how we can improve the security of 
> this table. 
> Potential options include
> 1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and 
> above)
> 2. AccessControl at Phoenix Layer by addition of user column in the 
> {{SYSTEM.SEQUENCE}} table and use it for access control (Can be error-prone 
> for complex scenarios like sequence sharing)
> Please advice.
> [~tdsilva] [~jamestaylor] [~apurtell] [~an...@apache.org] [~elserj]

This message was sent by Atlassian JIRA

Reply via email to