phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karan Mehta (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (PHOENIX-672) Add GRANT and REVOKE commands using HBase AccessController
Date Tue, 19 Sep 2017 22:43:00 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16172409#comment-16172409
] 

Karan Mehta edited comment on PHOENIX-672 at 9/19/17 10:42 PM:
---------------------------------------------------------------

The following grammar will be used for {{GRANT}}

{code}GRANT 'userOrGroupName', 'permissionString' ON [TABLE | SCHEMA] 'param1', 'param2',
'param3' {code}

To specify a group instead of a user the first parameter has to started with "@".
Permission String can contain characters {{RWXCA}} case insensitive.
If all the permissions are general for the user, then the second part is not needed else the
following holds.

Token {{ON}} is required
For the next parameter, if nothing is specified, it defaults to table. For schema, we need
to explicitly use the token {{SCHEMA}}.
For schema, it will be followed by a single parameter which is schema name
For table, it will be followed by Table name and param2/3 will be optional for Column Family
and Column Qualifier

Examples
{code}
GRANT 'user0', 'RX'
GRANT  'user1', 'RWX' ON 'table1'
GRANT '@group2', 'RC' ON 'table2', 'cf1'
GRANT 'user3', 'R' ON SCHEMA 'schema1'
{code}

Similar goes for {{REVOKE}} as well
[~jamestaylor] [~apurtell] Please advice.
[~twdsilva@gmail.com] FYI.


was (Author: karanmehta93):
The following grammar will be used for {{GRANT}}

{code}GRANT 'userOrGroupName', 'permissionString' ON [TABLE | SCHEMA] 'param1', 'param2',
'param3' {code}

To specify a group instead of a user the first parameter has to started with "@".
Permission String can contain characters {{RWXCA}} case insensitive.
Token {{ON}} is required
For the next parameter, if nothing is specified, it defaults to table. For schema, we need
to explicitly use the token {{SCHEMA}}.
For schema, it will be followed by a single parameter which is schema name
For table, it will be followed by Table name and param2/3 will be optional for Column Family
and Column Qualifier

Examples
{code}
GRANT  'user1', 'RWX' ON 'table1'
GRANT '@group2', 'RC' ON 'table2', 'cf1'
GRANT 'user3', 'R' ON SCHEMA 'schema1'
{code}

Similar goes for {{REVOKE}} as well
[~jamestaylor] [~apurtell] Please advice.
[~twdsilva@gmail.com] FYI.

> Add GRANT and REVOKE commands using HBase AccessController
> ----------------------------------------------------------
>
>                 Key: PHOENIX-672
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-672
>             Project: Phoenix
>          Issue Type: Task
>            Reporter: James Taylor
>            Assignee: Karan Mehta
>              Labels: gsoc2016, security
>
> In HBase 0.98, cell-level security will be available. Take a look at [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security)
excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add support for security
to our SQL grammar.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message