Phoenix-4.8 version of the SYSTEM table permissions issues

[天真 <41...@qq.com>]

If a phoenix's multi-tenant + kerberos is used to authorize one of the tenants, the authorized tenant is not authorized to delete data from the other tenant's hbase. But you can delete the phoenix of the SYSTEM.CATALOG data. Is this a bug?

Re: Phoenix-4.8 version of the SYSTEM table permissions issues

[Ankit Singhal <an...@gmail.com>]

It has been assumed that your Phoenix tenants are mapped to an
authenticated users.

On Wed, Dec 7, 2016 at 11:02 AM, Ankit Singhal <an...@gmail.com>
wrote:

> SYSTEM tables are shared among tenants, if you want to control access for
> SYSTEM tables to a particular tenant then you should define ACLs at HBase
> level only.
>
> On Wed, Dec 7, 2016 at 7:23 AM, 天真 <41...@qq.com> wrote:
>
>> If a phoenix's multi-tenant + kerberos is used to authorize one of the
>> tenants, the authorized tenant is not authorized to delete data from the
>> other tenant's hbase. But you can delete the phoenix of the SYSTEM.CATALOG
>> data. Is this a bug?
>
>
>

Re: Phoenix-4.8 version of the SYSTEM table permissions issues

[Ankit Singhal <an...@gmail.com>]

SYSTEM tables are shared among tenants, if you want to control access for
SYSTEM tables to a particular tenant then you should define ACLs at HBase
level only.

On Wed, Dec 7, 2016 at 7:23 AM, 天真 <41...@qq.com> wrote:

> If a phoenix's multi-tenant + kerberos is used to authorize one of the
> tenants, the authorized tenant is not authorized to delete data from the
> other tenant's hbase. But you can delete the phoenix of the SYSTEM.CATALOG
> data. Is this a bug?