You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by "Chinmay Kulkarni (Jira)" <ji...@apache.org> on 2019/08/20 00:49:00 UTC
[jira] [Updated] (PHOENIX-4657) Allow global connections to see
tenant-owned objects
[ https://issues.apache.org/jira/browse/PHOENIX-4657?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chinmay Kulkarni updated PHOENIX-4657:
--------------------------------------
Labels: phoenix-hardening (was: )
> Allow global connections to see tenant-owned objects
> ----------------------------------------------------
>
> Key: PHOENIX-4657
> URL: https://issues.apache.org/jira/browse/PHOENIX-4657
> Project: Phoenix
> Issue Type: New Feature
> Affects Versions: 4.13.0
> Reporter: Geoffrey Jacoby
> Priority: Major
> Labels: phoenix-hardening
>
> Views and indexes created by tenant connections are invisible to global connections. This is problematic in environments where normal users are always assigned tenant connections but system-level processes and admin tools use globals.
> A user can create a view or index that an administrator using, say, sqlline, cannot easily drop.
> In offline conversations, I've learned that one reason for this is disambiguation: tenant A and tenant B can both create an object called "Test.Foo".
> One straightforward way around this problem is to allow the global connection to fully qualify the object name. For example, to drop the views in the above example, a user could do the following:
> DROP VIEW IF EXISTS "A".Test.Foo
> DROP VIEW IF EXISTS "B".Test.Foo
> (The quotes are there to disambiguate <tenant_id>.<view name> from <schema>.<view_name>)
> If some environments wish to forbid global connections from seeing tenant-owned objects (the old behavior), this could perhaps be configurable server-side in hbase-site.xml, or alternately, by an enhancement to the GRANT functionality.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)