keith-turner opened a new issue, #6137: URL: https://github.com/apache/accumulo/issues/6137
**Describe the bug**

The new fate table can be scanned by any Accumulo user. Not sure there is any legitimate need for this and the table could contain sensitive information (has serialized fate operations). Suspect the following code grants this.

https://github.com/apache/accumulo/blob/db1e6525168ba3951daa5e0e7346e1e741a0f6d7/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java#L387

**Versions (OS, Maven, Java, and others, as appropriate):**

- Affected version(s) of this project: 4.0.0-SNAPSHOT

**To Reproduce**

Was experimenting w/ the following test to explore this behavior. The test shows the user does not have read permission but can still read.

```diff
diff --git a/test/src/main/java/org/apache/accumulo/test/functional/PermissionsIT.java b/test/src/main/java/org/apache/accumulo/test/functional/PermissionsIT.java index 1009f874ca..01629a1b33 100644 --- a/test/src/main/java/org/apache/accumulo/test/functional/PermissionsIT.java +++ b/test/src/main/java/org/apache/accumulo/test/functional/PermissionsIT.java @@ -694,6 +694,7 @@ public class PermissionsIT extends AccumuloClusterHarness { } loginAs(rootUser); try (AccumuloClient c = Accumulo.newClient().from(getClientProps()).build()) { + c.securityOperations().createLocalUser(principal, passwordToken); loginAs(testUser); try (AccumuloClient test_user_client = 
@@ -703,6 +704,12 @@ public class PermissionsIT extends AccumuloClusterHarness { loginAs(rootUser); verifyHasOnlyTheseTablePermissions(c, c.whoami(), SystemTables.METADATA.tableName(), TablePermission.READ, TablePermission.ALTER_TABLE); + verifyHasOnlyTheseTablePermissions(c, test_user_client.whoami(), SystemTables.FATE.tableName()); + verifyHasOnlyTheseTablePermissions(c, test_user_client.whoami(), SystemTables.SCAN_REF.tableName()); + try(var scanner = test_user_client.createScanner(SystemTables.FATE.tableName())){ + scanner.iterator().hasNext(); + } + String tableName = getUniqueNames(1)[0] + "__TABLE_PERMISSION_TEST__"; // test each permission
```

**Expected behavior**

By default users can not read or write to the fate and scanref tables. From a testing perspective may be good to also verify by default users can not write to the metadata and root table if that test does not exist.
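
Review bot: In the second hunk (`@@ -703,6 +704,12 @@`) the scan of `SystemTables.FATE.tableName()` only calls `scanner.iterator().hasNext()` and asserts nothing about the outcome, so the test passes whether or not the read is allowed. To encode the expected behavior stated in the issue, the scan should be wrapped in an assertion that it fails for `test_user_client`, so the test fails for as long as the table is readable. The hunk also verifies permissions on `SystemTables.SCAN_REF.tableName()` but never scans it; the same scan check should cover that table. As a style point, `try(var scanner = ...){` should be spaced as `try (var scanner = ...) {` to match the `try (AccumuloClient c = ...)` form in the surrounding context.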
