[ https://issues.apache.org/jira/browse/HBASE-11043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17110287#comment-17110287 ]

Ruslan Sabitov commented on HBASE-11043:
----------------------------------------

A user without CREATE permission can't get information about a table when
running the describe <table> command in the hbase shell. I think it's excessive
to give CREATE permission only for getting table info. Furthermore, a user can
get this information in the HBase web UI.

I see two ways to solve this:

* Make sensitive table attributes like the data encryption key protected and
  exclude them if the user has no CREATE or ADMIN privileges.
* Forbid storing sensitive data in attributes and add a warning about that in
  the documentation.

> Users with table's read/write permission can't get table's description
> ----------------------------------------------------------------------
>
>                 Key: HBASE-11043
>                 URL: https://issues.apache.org/jira/browse/HBASE-11043
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.99.0
>            Reporter: Shaohui Liu
>            Priority: Minor
>         Attachments: HBASE-11043-trunk-v1.diff
>
>
> AccessController#preGetTableDescriptors only allows users with admin or create 
> permission to get a table's description.
> {quote}
>         requirePermission("getTableDescriptors", nameAsBytes, null, null,
>           Permission.Action.ADMIN, Permission.Action.CREATE);
> {quote}
> I think users with a table's read/write permission should also be able to get 
> the table's description. 
> E.g.: when creating a Hive table on HBase, Hive will get the table description 
> to check if the mapping is right. Usually the Hive users only have the read 
> permission of the table.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
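
The first option in the comment above (show the descriptor to any user with a table permission, but exclude sensitive attributes unless the user has CREATE or ADMIN), sketched as an added example that is not HBase code or the attached patch. The class, the Action enum, describeFor and the choice of "ENCRYPTION_KEY" as the sensitive key are assumptions made for illustration, and the sample attributes are constructed.

```java
import java.util.EnumSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class DescriptorRedactionExample {
    // Mirrors the action names used in this thread; not HBase's Permission.Action class.
    enum Action { READ, WRITE, CREATE, ADMIN }

    // Assumption: which attribute keys count as sensitive is a deployment decision.
    static final Set<String> SENSITIVE_KEYS = Set.of("ENCRYPTION_KEY");

    /** Returns the attributes a caller holding {@code granted} may see; throws if none are held. */
    static Map<String, String> describeFor(Set<Action> granted, Map<String, String> attrs) {
        if (granted.isEmpty()) {
            throw new SecurityException("Insufficient permissions to describe table");
        }
        boolean privileged = granted.contains(Action.ADMIN) || granted.contains(Action.CREATE);
        Map<String, String> visible = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : attrs.entrySet()) {
            // Sensitive keys are dropped entirely for READ/WRITE-only callers,
            // so neither the value nor its presence is disclosed.
            if (privileged || !SENSITIVE_KEYS.contains(e.getKey())) {
                visible.put(e.getKey(), e.getValue());
            }
        }
        return visible;
    }

    public static void main(String[] args) {
        // Constructed sample descriptor attributes.
        Map<String, String> attrs = new LinkedHashMap<>();
        attrs.put("VERSIONS", "3");
        attrs.put("COMPRESSION", "SNAPPY");
        attrs.put("ENCRYPTION_KEY", "<wrapped-key-placeholder>");

        // READ-only caller: descriptor without the sensitive key.
        System.out.println(describeFor(EnumSet.of(Action.READ), attrs));
        // CREATE caller: full descriptor.
        System.out.println(describeFor(EnumSet.of(Action.CREATE), attrs));
        // No table permission at all: request is rejected.
        try {
            describeFor(EnumSet.noneOf(Action.class), attrs);
        } catch (SecurityException ex) {
            System.out.println("denied: " + ex.getMessage());
        }
    }
}
```

The same filter would have to apply to every path that exposes the descriptor, including the web UI mentioned in the comment, or the redaction can be bypassed there.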
