[ https://issues.apache.org/jira/browse/PHOENIX-4657?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chinmay Kulkarni updated PHOENIX-4657:
--------------------------------------
Labels: phoenix-hardening (was: )
> Allow global connections to see tenant-owned objects
> ----------------------------------------------------
>
> Key: PHOENIX-4657
> URL: https://issues.apache.org/jira/browse/PHOENIX-4657
> Project: Phoenix
> Issue Type: New Feature
> Affects Versions: 4.13.0
> Reporter: Geoffrey Jacoby
> Priority: Major
> Labels: phoenix-hardening
>
> Views and indexes created by tenant connections are invisible to global
> connections. This is problematic in environments where normal users are
> always assigned tenant connections but system-level processes and admin tools
> use globals.
> A user can create a view or index that an administrator using, say, sqlline,
> cannot easily drop.
> In offline conversations, I've learned that one reason for this is
> disambiguation: tenant A and tenant B can both create an object called
> "Test.Foo".
> One straightforward way around this problem is to allow the global connection
> to fully qualify the object name. For example, to drop the views in the above
> example, a user could do the following:
> DROP VIEW IF EXISTS "A".Test.Foo
> DROP VIEW IF EXISTS "B".Test.Foo
> (The quotes are there to disambiguate <tenant_id>.<view name> from
> <schema>.<view_name>)
> If some environments wish to forbid global connections from seeing
> tenant-owned objects (the old behavior), this could perhaps be configurable
> server-side in hbase-site.xml, or alternately, by an enhancement to the GRANT
> functionality.