You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@phoenix.apache.org by "mathias kluba (JIRA)" <ji...@apache.org> on 2016/02/26 22:26:18 UTC

[jira] [Created] (PHOENIX-2717) Unable to login if no "create" permission in HBase

mathias kluba created PHOENIX-2717:
--------------------------------------

             Summary: Unable to login if no "create" permission in HBase
                 Key: PHOENIX-2717
                 URL: https://issues.apache.org/jira/browse/PHOENIX-2717
             Project: Phoenix
          Issue Type: Bug
    Affects Versions: 4.4.0
         Environment: HDP 2.3.4
            Reporter: mathias kluba
            Priority: Blocker


I'm using HBase with Ranger, but I guess that we could have the same issue with internal HBase permission system.

When I try to connect to "hbase" using phoenix client, it crashes because of "Access Denied" exception.

The phoenix client try to create the SYSTEM.CATALOG table (and other SYSTEM tables) and catch only 2 exceptions :
NewerTableAlreadyExistsException and TableAlreadyExistsException 

It doesn't catch the "access denied" exception.

https://github.com/apache/phoenix/blob/master/phoenix-core/src/main/java/org/apache/phoenix/query/ConnectionQueryServicesImpl.java#L2279

In the end, I'm not able to connect to HBase using Phoenix for read purpose, I don't need to be able to create these SYSTEM tables...
I think that the code is a little bit dirty: it should check the existence of the table instead of trying to create it and catch exception.


I have a workaround for now: I grant the "create" permission in Ranger for "SYSTEM.*" tables: they already exist before the user try to connect, so it's not a problem to give them this access.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)