[ https://issues.apache.org/jira/browse/HBASE-12564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14234525#comment-14234525 ]
Matteo Bertozzi commented on HBASE-12564:
-----------------------------------------

{quote}No, users with read or write access should not be granted permission to potentially sensitive information in the schema.{quote}

Yeah, sorry, maybe I was not clear. I was talking about the getTableNames() which just returns the table names. In that case, if the user has "access" to the table (by access I mean any RWXCA on any level of the table), the shell "list" will display the names (only names), while for the descriptor, as you said, only users granted ADMIN/CREATE can see the table schema.

> consolidate the getTableDescriptors() semantic
> ----------------------------------------------
>
> Key: HBASE-12564
> URL: https://issues.apache.org/jira/browse/HBASE-12564
> Project: HBase
> Issue Type: Bug
> Components: Client, master
> Affects Versions: 2.0.0
> Reporter: Matteo Bertozzi
> Assignee: Matteo Bertozzi
> Priority: Minor
> Fix For: 2.0.0
>
> Attachments: HBASE-12564-v0.patch, HBASE-12564-v1.patch,
> HBASE-12564-v2.patch
>
>
> Master getTableDescriptors() which is called by Admin.listTables() has a
> couple of different behaviors depending on how it is called.
> After HBASE-12073 with the AccessController enabled, we now get a "global
> admin" required if listTables() is called without a regex, otherwise we return
> only the tables that the user can see (we show only the tables that the user
> has access to, which means either the user is a global admin or it has a
> table-level create/admin). We probably should have the second behavior even
> without regex, since I should be able to see "my own tables".
> getTableDescriptors() is returning only non system tables. Tools like
> user_permission that are doing "for each listTable(): userPerm(table)" are
> losing the system tables, so stuff like user_permission 'hbase:acls' will not
> return any result.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
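
The two visibility rules discussed in this message (names for any RWXCA grant, descriptors only for global admin or table-level CREATE/ADMIN), as an added Java example that is not part of the original message and is not HBase's own code. The class, method names, users, grants and table names are hypothetical and constructed, and namespace-level grants are left out.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

// Toy model of the visibility rules in this thread (hypothetical names, not HBase code).
public class TableVisibilityModel {
    enum Action { READ, WRITE, EXEC, CREATE, ADMIN } // the "RWXCA" set

    // One grant on a table; family == null means the grant is at table level.
    record Grant(String user, String table, String family, Action action) {}

    private final Set<String> globalAdmins;
    private final List<Grant> grants;

    TableVisibilityModel(Set<String> globalAdmins, List<Grant> grants) {
        this.globalAdmins = globalAdmins;
        this.grants = grants;
    }

    // Name listing: any action at any level of the table is enough.
    boolean canSeeName(String user, String table) {
        return globalAdmins.contains(user) || grants.stream()
            .anyMatch(g -> g.user().equals(user) && g.table().equals(table));
    }

    // Schema: global admin, or table-level CREATE/ADMIN only.
    boolean canSeeDescriptor(String user, String table) {
        return globalAdmins.contains(user) || grants.stream()
            .anyMatch(g -> g.user().equals(user) && g.table().equals(table)
                && g.family() == null
                && (g.action() == Action.CREATE || g.action() == Action.ADMIN));
    }

    List<String> visibleNames(String user, List<String> tables) {
        return tables.stream().filter(t -> canSeeName(user, t)).collect(Collectors.toList());
    }

    List<String> visibleDescriptors(String user, List<String> tables) {
        return tables.stream().filter(t -> canSeeDescriptor(user, t)).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        List<String> tables = List.of("orders", "audit", "metrics"); // constructed sample data
        TableVisibilityModel acl = new TableVisibilityModel(Set.of("root"), List.of(
            new Grant("alice", "orders", null, Action.CREATE),
            new Grant("alice", "audit", "cf1", Action.READ),
            new Grant("bob", "orders", null, Action.WRITE)));
        for (String user : List.of("root", "alice", "bob", "carol")) {
            System.out.printf("%-5s names=%s descriptors=%s%n", user,
                acl.visibleNames(user, tables), acl.visibleDescriptors(user, tables));
        }
    }
}
```

Because both listings filter per table instead of rejecting the call, a non-admin caller without a regex gets back only the tables it may see, which is the behaviour the issue description asks for.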