Re: [PR] Allow only root user to read fate and scanref tables by default [accumulo]

Mon, 09 Mar 2026 19:12:59 -0700 


ctubbsii commented on code in PR #6203:
URL: https://github.com/apache/accumulo/pull/6203#discussion_r2908882266


##########
test/src/main/java/org/apache/accumulo/test/functional/PermissionsIT.java:
##########
@@ -703,8 +710,16 @@ public void tablePermissionTest() throws Exception {
         loginAs(rootUser);
         verifyHasOnlyTheseTablePermissions(c, c.whoami(), 
SystemTables.METADATA.tableName(),
             TablePermission.READ, TablePermission.ALTER_TABLE);
-        String tableName = getUniqueNames(1)[0] + "__TABLE_PERMISSION_TEST__";
 
+        // check test user permissions on FATE and SCAN_REF tables
+        loginAs(testUser);
+        verifyHasOnlyTheseTablePermissions(c, test_user_client.whoami(),
+            SystemTables.FATE.tableName());
+        verifyHasOnlyTheseTablePermissions(c, test_user_client.whoami(),
+            SystemTables.SCAN_REF.tableName());
+

Review Comment:
   I agree. The only special permissions the root user has is the ability to 
manage permissions of others. It shouldn't get special treatment with access to 
data. That is not its role. It can always grant itself that role, if that's how 
a user wants to do things, but it shouldn't be the default.



##########
server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java:
##########
@@ -355,11 +355,18 @@ private boolean _hasTablePermission(String user, TableId 
table, TablePermission
       boolean useCached) throws ThriftSecurityException {
     targetUserExists(user);
 
+    // Allow all users to read root and metadata tables
     if ((table.equals(SystemTables.METADATA.tableId()) || 
table.equals(SystemTables.ROOT.tableId()))
         && permission.equals(TablePermission.READ)) {
       return true;
     }
 
+    // Allow root user to scan all system tables
+    if (user.equals(getRootUsername()) && SystemTables.containsTableId(table)

Review Comment:
   I agree. The only special permissions the root user has is the ability to 
manage permissions of others. It shouldn't get special treatment with access to 
data. That is not its role. It can always grant itself that role, if that's how 
a user wants to do things, but it shouldn't be the default.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to