[
https://issues.apache.org/jira/browse/PHOENIX-4529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16352892#comment-16352892
]
James Taylor commented on PHOENIX-4529:
---------------------------------------
[~tdsilva] - how about just adding a split policy of MetaDataSplitPolicy if you
need to prevent a split for a given tenant+schema?
> Users should only require RX access to SYSTEM.SEQUENCE table
> ------------------------------------------------------------
>
> Key: PHOENIX-4529
> URL: https://issues.apache.org/jira/browse/PHOENIX-4529
> Project: Phoenix
> Issue Type: Bug
> Reporter: Karan Mehta
> Assignee: Thomas D'Silva
> Priority: Major
>
> Currently, users don't need to have Write access to {{SYSTEM.CATALOG}} and
> other tables, since the code is run on the server side as login user. However
> for {{SYSTEM.SEQUENCE}}, write permission is still needed. This is a
> potential security concern, since it allows anyone to modify the sequences
> created by others. This JIRA is to discuss how we can improve the security of
> this table.
> Potential options include
> 1. Usage of HBase Cell Level Permissions (works only with HFile version 3 and
> above)
> 2. AccessControl at Phoenix Layer by addition of user column in the
> {{SYSTEM.SEQUENCE}} table and use it for access control (Can be error-prone
> for complex scenarios like sequence sharing)
> Please advice.
> [~tdsilva] [~jamestaylor] [~apurtell] [[email protected]] [~elserj]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
