[
https://issues.apache.org/jira/browse/HBASE-24018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17062139#comment-17062139
]
Andrew Kyle Purtell commented on HBASE-24018:
---------------------------------------------
Previous JIRAs have been filed about this. You can search for earlier
discussion.
Schema can carry arbitrary attributes. Those attributes may be sensitive. This
is why ADMIN or CREATE permission is required to read the descriptor, and why
separate APIs are available to list names (which are not sensitive) and
descriptors (which are).
> Access check for getTableDescriptors is too restrictive
> -------------------------------------------------------
>
> Key: HBASE-24018
> URL: https://issues.apache.org/jira/browse/HBASE-24018
> Project: HBase
> Issue Type: Improvement
> Reporter: Abhishek Singh Chouhan
> Priority: Major
>
> Currently getTableDescriptor requires a user to have Admin or Create
> permissions. A client might need to get table descriptors to act accordingly
> eg. based on an attribute set or a CP loaded. It should not be necessary for
> the client to have create or admin privileges just to read the descriptor,
> execute and/or read permission should be sufficient?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
