Github user ankitsinghal commented on a diff in the pull request:
https://github.com/apache/phoenix/pull/283#discussion_r152648189
--- Diff:
phoenix-core/src/main/java/org/apache/phoenix/coprocessor/PhoenixAccessController.java
---
@@ -229,17 +227,12 @@ public void
handleRequireAccessOnDependentTable(String request, String userName,
+ dependentTable);
return;
}
- if (isAutomaticGrantEnabled) {
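Review bot: the `if (isAutomaticGrantEnabled) {` check removed at the end of this hunk in handleRequireAccessOnDependentTable has no replacement in the lines shown, so it is not clear from this hunk whether the flag is still consulted before permissions are granted on the dependent table. If the check moved elsewhere, a short comment at this spot naming the new location would help. If it was dropped, grants would run even where only strict mode is configured, so please keep the guard and add a test with automatic grant disabled.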
--- End diff --
@karanmehta93
Strict mode: it will check permissions for dependent tables as well. For
example, if a user who has all access on the data table is creating an index,
then we need to ensure that all other users of the data table can also access
a new index table.

AutomaticGrant: it will automatically grant the required permissions to
dependent table users.

@twdsilva, what about the case when a new index is being created?

Purpose of the automatic grant: let's say there are three users; A and B
have READ permission on the data table and user C has RWC permission on the
data table. So if user B creates an index, then we need to ensure that users A
and C are also able to read the index, and that C is able to write to this
index and can drop the index as well. So we will give only the required
permissions to the users of the data table on the index table. So, access
should propagate like this.

user | access data table | access on index table | with Automatic grant (access on index table will change like this) | comments
-- | -- | -- | -- | --
A | RAX | no access | RX | RX will be given on index table
B | RX | RWXC | RWXC | no grant will happen
C | RWXAC | no access | RWCX | read, write and create will be given so that it can read/write to index table and drop as well.
---
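
The propagation in the table above, modelled as an added example (not code from the pull request or from Phoenix). It assumes that a data-table user receives on the index every R/W/X/C action they hold on the data table and that ADMIN is never propagated, both inferred from the three rows, and that strict mode without automatic grant rejects the request; the class, enum and method names are hypothetical.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.TreeMap;

public class DependentTableGrantSketch {
    // Local stand-in for the permission letters used in the table above.
    enum Action { R, W, X, C, A }

    // Assumption inferred from the table: ADMIN (A) is never copied to the index.
    static final EnumSet<Action> PROPAGATED =
            EnumSet.of(Action.R, Action.W, Action.X, Action.C);

    static EnumSet<Action> parse(String letters) {
        EnumSet<Action> set = EnumSet.noneOf(Action.class);
        for (char c : letters.toCharArray()) set.add(Action.valueOf(String.valueOf(c)));
        return set;
    }

    /** Actions a data-table user holds there but still lacks on the index table. */
    static EnumSet<Action> missing(EnumSet<Action> onData, EnumSet<Action> onIndex) {
        EnumSet<Action> gap = EnumSet.copyOf(onData);
        gap.retainAll(PROPAGATED);
        gap.removeAll(onIndex);
        return gap;
    }

    /** Returns the grants to issue; with automatic grant off, a gap is an error (assumption). */
    static Map<String, EnumSet<Action>> check(Map<String, String> data,
                                              Map<String, String> index,
                                              boolean automaticGrant) {
        Map<String, EnumSet<Action>> grants = new TreeMap<>();
        for (Map.Entry<String, String> e : data.entrySet()) {
            EnumSet<Action> gap = missing(parse(e.getValue()),
                                          parse(index.getOrDefault(e.getKey(), "")));
            if (gap.isEmpty()) continue;          // e.g. the index creator
            if (!automaticGrant)
                throw new SecurityException(e.getKey() + " lacks " + gap + " on index");
            grants.put(e.getKey(), gap);
        }
        return grants;
    }

    public static void main(String[] args) {
        // Constructed input: the three rows of the table above.
        Map<String, String> data = Map.of("A", "RAX", "B", "RX", "C", "RWXAC");
        Map<String, String> index = Map.of("B", "RWXC");   // B created the index
        System.out.println("grants: " + check(data, index, true));
        try { check(data, index, false); }
        catch (SecurityException ex) { System.out.println("strict only: " + ex.getMessage()); }
    }
}
```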