hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-11095) Add ip restriction in user permissions
Date Tue, 12 Apr 2016 22:51:25 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15238162#comment-15238162
] 

Andrew Purtell edited comment on HBASE-11095 at 4/12/16 10:51 PM:
------------------------------------------------------------------

What if we want to grant or revoke to/from a user without care about IP addresses? That's
the current capability and the most common use.

Are these changes backwards compatible? Do they depend on the map type allowing 'null' keys?

What about actions that are checked outside of request context? They won't have an RPC context
to get an IP address from.


was (Author: apurtell):
What if we want to grant or revoke to/from a user without care about IP addresses? That's
the current capability and the most common use. 

> Add ip restriction in user permissions
> --------------------------------------
>
>                 Key: HBASE-11095
>                 URL: https://issues.apache.org/jira/browse/HBASE-11095
>             Project: HBase
>          Issue Type: New Feature
>          Components: security
>            Reporter: Liu Shaohui
>            Assignee: Liu Shaohui
>            Priority: Minor
>         Attachments: HBASE-11095.patch
>
>
> For some sensitive data, users want to restrict the from ips of hbase users like mysql
access control. 
> One direct solution is to add the candidated ips when granting user permisions.
> {quote}
> grant <user|@group\[@ip-regular expression\]> [ <table> [ <column family>
[ <column qualifier> ] ] ]
> {quote}
> Any comments and suggestions are welcomed.
> [~apurtell]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message