[
https://issues.apache.org/jira/browse/PHOENIX-7474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Istvan Toth reassigned PHOENIX-7474:
------------------------------------
Assignee: Richárd Antal
> Migrate IndexTool tables and make sure they are created
> -------------------------------------------------------
>
> Key: PHOENIX-7474
> URL: https://issues.apache.org/jira/browse/PHOENIX-7474
> Project: Phoenix
> Issue Type: Bug
> Reporter: Richárd Antal
> Assignee: Richárd Antal
> Priority: Major
>
> IndexTool uses 2 native HBase tables, PHOENIX_INDEX_TOOL and
> PHOENIX_INDEX_TOOL_RESULT, that were not under SYSTEM namespace/schema.
> When creating an ASYNC index and running the IndexTool with a user that has
> 'RX' permission ON SCHEMA SYSTEM and 'RWX' ON SYSTEM.CATALOG,
> we could face an AccessDeniedException (action=create).
> It is because IndexTool tries to create the above tables if they are not yet
> present.
> Some users don't have permission for that, but they would have permission to
> create an index on a given table otherwise.
> To solve this we should create these tables similarly to other system tables.
> Also we should have these under SYSTEM schema/namespace.
> Steps to reproduce the issue:
> # Create test user (testuser2) on cluster
> # With admin permissions in phoenix:
> ** Create SCHEMA:
> *** CREATE SCHEMA IF NOT EXISTS test_schema2;
> ** Grants for testuser2:
> *** GRANT 'RX' ON SCHEMA SYSTEM TO 'testuser2';
> *** GRANT 'CRW' ON SCHEMA test_schema2 TO 'testuser2';
> # With testuser2:
> ** Create Table:
> *** CREATE TABLE test_schema2.table2 (id BIGINT not null primary key, date
> Date, amount INTEGER);
> *** Error:
> org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient
> permissions for user ‘[email protected]',action: delete,
> tableName:SYSTEM:CATALOG, family:0, column: TRANSACTION_PROVIDER
> # With admin:
> ** Grant testuser2:
> *** GRANT 'RWX' ON SYSTEM.CATALOG TO 'testuser2';
> # testuser2:
> ** Create Table and Indices:
> *** CREATE TABLE test_schema2.table2 (id BIGINT not null primary key, date
> Date, amount INTEGER);
> *** CREATE INDEX test_index3 ON test_schema2.table2(date DESC);
> *** CREATE INDEX test_index4 ON test_schema2.table2(date DESC) ASYNC;
> ** Run IndexTool:
> *** hbase org.apache.phoenix.mapreduce.index.IndexTool --schema test_schema2
> --data-table table2 --index-table test_index4 --output-path /tmp/
> *** Error: An exception occurred while performing the
> indexing job: AccessDeniedException:
> org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient
> permissions for user '[email protected]' (action=create)
> Creating a dummy ASYNC index with admin or GRANT 'C' TO 'testuser2'; resolves
> this error.
> ** IndexTool Again:
> *** Error: Caused by:
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException):
> Permission denied: user=testuser2, access=WRITE,
> inode="/user":hdfs:supergroup:drwxr-xr-x
> # hdfs admin:
> ** hdfs dfs -mkdir /user/testuser2
> ** hdfs dfs -chown testuser2 /user/testuser2
> ** hdfs dfs -chmod -R 770 /user/testuser2
> # testuser2:
> ** IndexTool Again
> Job submitted and run successfully. TEST_INDEX4 is shown as "ACTIVE" in
> phoenix.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)