[
https://issues.apache.org/jira/browse/HBASE-24018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17062186#comment-17062186
]
Andrew Kyle Purtell edited comment on HBASE-24018 at 3/19/20, 12:58 AM:
------------------------------------------------------------------------
"Access check for getTableDescriptors is too restrictive" was the ask. Just to
be clear this could very well cause a leak of sensitive schema information at
random user sites, so I'm definitely -1 on the general case. It has also been
discussed before, hence why I went ahead and closed this, because, really, this
isn't a problem and won't be "fixed".
If looking for only specific information please change the description to be
scoped for the actual ask.
was (Author: apurtell):
"Access check for getTableDescriptors is too restrictive" was the ask. Just to
be clear this could very well cause a leak of sensitive schema information at
random user sides so I'm definitely -1 on the general case.
If looking for only specific information please change the description to be
scoped for the actual ask.
> Coprocessor existence check for READ level privilege
> ----------------------------------------------------
>
> Key: HBASE-24018
> URL: https://issues.apache.org/jira/browse/HBASE-24018
> Project: HBase
> Issue Type: Improvement
> Reporter: Abhishek Singh Chouhan
> Priority: Major
>
> Currently getTableDescriptor requires a user to have Admin or Create
> permissions. A client might need to get table descriptors to act accordingly
> eg. based on an attribute set or a CP loaded. It should not be necessary for
> the client to have create or admin privileges just to read the descriptor,
> execute and/or read permission should be sufficient?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
