[
https://issues.apache.org/jira/browse/HBASE-11043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13977951#comment-13977951
]
Liu Shaohui commented on HBASE-11043:
-------------------------------------
[~jdcryans] [~apurtell]
I agree that hbase should restrict HTableDescriptor enumeration with HBASE-8692.
But My question is that why to restrict users with table's read/write
permission to get the table' description?
Usually, a user with table's read/write permission need to known somethings
about the table' description.
For example, hive on hbase need to get the table description to check if the
mapping is right, and usaully the hive user only have table read'permission.
see: HBaseStorageHandler.java
http://grepcode.com/file/repository.cloudera.com/content/repositories/releases/org.apache.hadoop.hive/hive-hbase-handler/0.7.1-cdh3u3b/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java?av=h#184
> Users with table's read/write permission can't get table's description
> ----------------------------------------------------------------------
>
> Key: HBASE-11043
> URL: https://issues.apache.org/jira/browse/HBASE-11043
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 0.99.0
> Reporter: Liu Shaohui
> Priority: Minor
> Attachments: HBASE-11043-trunk-v1.diff
>
>
> AccessController#preGetTableDescriptors only allow users with admin or create
> permission to get table's description.
> {quote}
> requirePermission("getTableDescriptors", nameAsBytes, null, null,
> Permission.Action.ADMIN, Permission.Action.CREATE);
> {quote}
> I think Users with table's read/write permission should also be able to get
> table's description.
> Eg: when create a hive table on HBase, hive will get the table description
> to check if the mapping is right. Usually the hive users only have the read
> permission of table.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
