[
https://issues.apache.org/jira/browse/HBASE-11043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17110530#comment-17110530
]
Andrew Kyle Purtell commented on HBASE-11043:
---------------------------------------------
bq. Make sensitive table attributes like data enpryption key protected and
exclude them if user has no CREATE or ADMIN privileges.
This works for the table attributes we know about, but not for user set
attributes which may or may not be sensitive. So, to be safe, we don't allow
schema to be viewed by credentials with less than CREATE or ADMIN level trust.
> Users with table's read/write permission can't get table's description
> ----------------------------------------------------------------------
>
> Key: HBASE-11043
> URL: https://issues.apache.org/jira/browse/HBASE-11043
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 0.99.0
> Reporter: Shaohui Liu
> Priority: Minor
> Attachments: HBASE-11043-trunk-v1.diff
>
>
> AccessController#preGetTableDescriptors only allow users with admin or create
> permission to get table's description.
> {quote}
> requirePermission("getTableDescriptors", nameAsBytes, null, null,
> Permission.Action.ADMIN, Permission.Action.CREATE);
> {quote}
> I think Users with table's read/write permission should also be able to get
> table's description.
> Eg: when create a hive table on HBase, hive will get the table description
> to check if the mapping is right. Usually the hive users only have the read
> permission of table.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
