You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by "mathias kluba (JIRA)" <ji...@apache.org> on 2016/02/26 22:26:18 UTC
[jira] [Created] (PHOENIX-2717) Unable to login if no "create"
permission in HBase
mathias kluba created PHOENIX-2717:
--------------------------------------
Summary: Unable to login if no "create" permission in HBase
Key: PHOENIX-2717
URL: https://issues.apache.org/jira/browse/PHOENIX-2717
Project: Phoenix
Issue Type: Bug
Affects Versions: 4.4.0
Environment: HDP 2.3.4
Reporter: mathias kluba
Priority: Blocker
I'm using HBase with Ranger, but I guess that we could have the same issue with internal HBase permission system.
When I try to connect to "hbase" using phoenix client, it crashes because of "Access Denied" exception.
The phoenix client try to create the SYSTEM.CATALOG table (and other SYSTEM tables) and catch only 2 exceptions :
NewerTableAlreadyExistsException and TableAlreadyExistsException
It doesn't catch the "access denied" exception.
https://github.com/apache/phoenix/blob/master/phoenix-core/src/main/java/org/apache/phoenix/query/ConnectionQueryServicesImpl.java#L2279
In the end, I'm not able to connect to HBase using Phoenix for read purpose, I don't need to be able to create these SYSTEM tables...
I think that the code is a little bit dirty: it should check the existence of the table instead of trying to create it and catch exception.
I have a workaround for now: I grant the "create" permission in Ranger for "SYSTEM.*" tables: they already exist before the user try to connect, so it's not a problem to give them this access.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)