[jira] [Commented] (HBASE-15942) User with 'RWX' permission of the table should be able to describe the table
[ https://issues.apache.org/jira/browse/HBASE-15942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15313403#comment-15313403 ]

Guang Yang commented on HBASE-15942:

Thanks all for the comments. I might be wrong, but at least for now, only the table schema would be exposed to the caller once the validation passed (HMaster#getTableDescriptors); the details of HCD (including the encryption keys, etc.) would not. As [~andrew.purt...@gmail.com] pointed out, more information might get added to HTD and HCD, but if the contract that we only expose schema for the getTableDescriptors holds, I guess we are safe in that regard?

> User with 'RWX' permission of the table should be able to describe the table
>
> Key: HBASE-15942
> URL: https://issues.apache.org/jira/browse/HBASE-15942
> Project: HBase
> Issue Type: Bug
> Components: Admin
> Reporter: Guang Yang
> Priority: Minor
> Attachments: HBASE-15942.v0.patch
>
> Currently only the user who has 'ADMIN' or 'CREATE' permission could describe
> the table (via shell), it brings some inconvenience and confusion to those
> users who have RWX permission since they couldn't describe the table to get
> the schema.

-- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-15942) User with 'RWX' permission of the table should be able to describe the table
[ https://issues.apache.org/jira/browse/HBASE-15942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15313005#comment-15313005 ]

Matteo Bertozzi commented on HBASE-15942:

I guess in this case we want to describe the table to list the column families, so we can provide a smaller version of the descriptor with the families if the user requesting has not CREATE/ADMIN but has read/write on them. But at that point the descriptor will be "wrong" because the defaults returned by the getter will not represent the real value. Adding another mapping to know the permission of each conf seems too much. Do you guys have other suggestions?

Introducing a String[] listFamilies(table), which is more or less the same as listTableNames(), seems just a hack, but if that is the only case it simplifies things a lot.
[jira] [Commented] (HBASE-15942) User with 'RWX' permission of the table should be able to describe the table
[ https://issues.apache.org/jira/browse/HBASE-15942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15312828#comment-15312828 ]

Andrew Purtell commented on HBASE-15942:

> I believe we store encryption keys in HTD / HCD which is considered sensitive data.

Correct. However, furthermore, a user can put any metadata they want into HTD or HCD, and so both structures must be considered potentially sensitive on that score as well.
[jira] [Commented] (HBASE-15942) User with 'RWX' permission of the table should be able to describe the table
[ https://issues.apache.org/jira/browse/HBASE-15942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15312820#comment-15312820 ]

Enis Soztutar commented on HBASE-15942:

> there may also be a reason that we don't want to expose some "config" passed to the table descriptors to the user.

I believe we store encryption keys in HTD / HCD which is considered sensitive data. [~apurtell] may have some more insights.
[jira] [Commented] (HBASE-15942) User with 'RWX' permission of the table should be able to describe the table
[ https://issues.apache.org/jira/browse/HBASE-15942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15312819#comment-15312819 ]

Guang Yang commented on HBASE-15942:

Thanks [~mbertozzi], yeah, that is what the patch does (I guess there are two ways to represent the permission to access all CFs: a. the CF field is empty, b. a full list of CFs; this patch only takes care of the former one). Thanks for helping to look at the patch.
[jira] [Commented] (HBASE-15942) User with 'RWX' permission of the table should be able to describe the table
[ https://issues.apache.org/jira/browse/HBASE-15942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15312733#comment-15312733 ]

Matteo Bertozzi commented on HBASE-15942:

I haven't checked the patch yet (I promise I'll do that later). The only reason we have only ADMIN/CREATE able to describe the table is because we don't want to leak the descriptor to people that have only permission to read/write a single qualifier. There may also be a reason that we don't want to expose some "config" passed to the table descriptors to the user.

For the second, we may need to add filtering to the various getters we have in HTD/HCD, and maybe it's not worth it at this point? For the first one, in theory it is possible to have users that have access to every CF see the descriptor (which I guess is what your patch does; again, I'll give it a look later).
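The describe decision debated in this thread, sketched as a stand-alone Java model (an added example, not code from HBASE-15942.v0.patch or from HBase itself). `Grant`, `View`, `describeAccess` and `render` are hypothetical names, the descriptor is a constructed sample, and requiring READ for the reduced view is an assumption.

```java
import java.util.*;

// Toy model only: none of these types are HBase classes (Java 16+ for records).
public class DescribeAccessDemo {
    enum Action { READ, WRITE, EXEC, CREATE, ADMIN }
    enum View { FULL_DESCRIPTOR, FAMILY_NAMES_ONLY, DENIED }

    // family == null: table-wide grant (the "CF field is empty" case).
    // qualifier != null: grant limited to a single column qualifier.
    record Grant(String family, String qualifier, Set<Action> actions) {}

    static View describeAccess(List<Grant> grants, Set<String> tableFamilies) {
        Set<String> readable = new HashSet<>();
        boolean tableWideRead = false;
        for (Grant g : grants) {
            boolean tableWide = g.family() == null;
            if (tableWide && (g.actions().contains(Action.ADMIN) || g.actions().contains(Action.CREATE)))
                return View.FULL_DESCRIPTOR;          // the rule as it stands in the thread
            if (g.qualifier() != null || !g.actions().contains(Action.READ))
                continue;                             // qualifier-scoped grants never qualify
            if (tableWide) tableWideRead = true;
            else readable.add(g.family());
        }
        // (a) table-wide grant, or (b) grants covering every family; an empty table stays fail-closed.
        boolean allFamilies = !tableFamilies.isEmpty() && readable.containsAll(tableFamilies);
        return (tableWideRead || allFamilies) ? View.FAMILY_NAMES_ONLY : View.DENIED;
    }

    // Reduced view: family names survive, every attribute (keys, TTL, user metadata) is dropped.
    static Map<String, Map<String, String>> render(View v, Map<String, Map<String, String>> desc) {
        if (v == View.FULL_DESCRIPTOR) return desc;
        Map<String, Map<String, String>> out = new TreeMap<>();
        if (v == View.FAMILY_NAMES_ONLY) desc.keySet().forEach(f -> out.put(f, Map.of()));
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample descriptor: family -> attributes.
        Map<String, Map<String, String>> desc = Map.of(
            "cf1", Map.of("TTL", "86400", "ENCRYPTION_KEY", "<wrapped-key-placeholder>"),
            "cf2", Map.of("owner-note", "arbitrary user metadata"));
        Set<Action> rwx = EnumSet.of(Action.READ, Action.WRITE, Action.EXEC);
        List<List<Grant>> users = List.of(
            List.of(new Grant(null, null, rwx)),                                // (a) empty CF field
            List.of(new Grant("cf1", null, rwx), new Grant("cf2", null, rwx)),  // (b) full CF list
            List.of(new Grant("cf1", "q1", rwx)),                               // single qualifier
            List.of(new Grant(null, null, EnumSet.of(Action.ADMIN))));          // table ADMIN
        for (List<Grant> g : users) {
            View v = describeAccess(g, desc.keySet());
            System.out.println(v + " -> " + render(v, desc));
        }
    }
}
```

Returning family names rather than a stripped descriptor avoids the problem raised elsewhere in the thread, where getters on a filtered descriptor would report defaults instead of the real values.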
[jira] [Commented] (HBASE-15942) User with 'RWX' permission of the table should be able to describe the table
[ https://issues.apache.org/jira/browse/HBASE-15942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15312728#comment-15312728 ]

Dima Spivak commented on HBASE-15942:

Yeah, I think it's what you say. An administrator may not want a user who can read data in a table to have information about the TTL or details about whether replication is enabled, for example. My bigger concern though is the fact that changing it now would be tantamount to a privilege escalation, which could be a very unwelcome break for people used to doing this as they are currently documented. Anyone else have thoughts?
[jira] [Commented] (HBASE-15942) User with 'RWX' permission of the table should be able to describe the table
[ https://issues.apache.org/jira/browse/HBASE-15942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15312654#comment-15312654 ]

Guang Yang commented on HBASE-15942:

Thanks [~dimaspivak] for the quick reply. In practice, we may grant access to the table to multiple users (e.g. the engineering team, headless account); they are able to RW the table but not describe it to check the schema... which is kind of weird. Is there a security risk that you are concerned about?
[jira] [Commented] (HBASE-15942) User with 'RWX' permission of the table should be able to describe the table
[ https://issues.apache.org/jira/browse/HBASE-15942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15311846#comment-15311846 ]

Dima Spivak commented on HBASE-15942:

Hm, I'm not sure I'd call this a bug as it's specifically referenced as the correct behavior in our ref guide. Changing this now might cause more confusion than it would fix... :-/
[jira] [Commented] (HBASE-15942) User with 'RWX' permission of the table should be able to describe the table
[ https://issues.apache.org/jira/browse/HBASE-15942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15311693#comment-15311693 ]

Guang Yang commented on HBASE-15942:

The patch also contains a minor refactoring for AccessController#requirePermission, which might unnecessarily create some AuthResult instances.