[ https://issues.apache.org/jira/browse/HBASE-24018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17062186#comment-17062186 ]
Andrew Kyle Purtell edited comment on HBASE-24018 at 3/19/20, 12:58 AM: ------------------------------------------------------------------------ "Access check for getTableDescriptors is too restrictive" was the ask. Just to be clear this could very well cause a leak of sensitive schema information at random user sites, so I'm definitely -1 on the general case. It has also been discussed before, hence why I went ahead and closed this, because, really, this isn't a problem and won't be "fixed". If looking for only specific information please change the description to be scoped for the actual ask. was (Author: apurtell): "Access check for getTableDescriptors is too restrictive" was the ask. Just to be clear this could very well cause a leak of sensitive schema information at random user sides so I'm definitely -1 on the general case. If looking for only specific information please change the description to be scoped for the actual ask. > Coprocessor existence check for READ level privilege > ---------------------------------------------------- > > Key: HBASE-24018 > URL: https://issues.apache.org/jira/browse/HBASE-24018 > Project: HBase > Issue Type: Improvement > Reporter: Abhishek Singh Chouhan > Priority: Major > > Currently getTableDescriptor requires a user to have Admin or Create > permissions. A client might need to get table descriptors to act accordingly > eg. based on an attribute set or a CP loaded. It should not be necessary for > the client to have create or admin privileges just to read the descriptor, > execute and/or read permission should be sufficient? -- This message was sent by Atlassian Jira (v8.3.4#803005)