phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karan Mehta (JIRA)" <>
Subject [jira] [Commented] (PHOENIX-672) Add GRANT and REVOKE commands using HBase AccessController
Date Tue, 19 Sep 2017 23:48:00 GMT


Karan Mehta commented on PHOENIX-672:

Quick question Karan Mehta? , so for 
GRANT 'user0', 'RX'
Will it grant user0 RX for all schemas and tables?
Yes, that grants permissions across all namespaces and tables (global permission). Checkout

I and [] had a discussion earlier about this syntax from Postgres. The
HBase API in *1.3* doesn't provide the ability to merge permissions, for example if the initial
permission was 'RW' and the user grants 'X' then it overrides the original permission to 'X'.
To implement similar behavior, we would have to incur an overhead of reading the permissions
and writing it back again. HBase shell, however, uses the former approach. We decided to stick
more closely to HBase in terms of functionality and syntax, so that the development becomes
easier. What do you suggest [~apurtell]?

> Add GRANT and REVOKE commands using HBase AccessController
> ----------------------------------------------------------
>                 Key: PHOENIX-672
>                 URL:
>             Project: Phoenix
>          Issue Type: Task
>            Reporter: James Taylor
>            Assignee: Karan Mehta
>              Labels: gsoc2016, security
> In HBase 0.98, cell-level security will be available. Take a look at [this](
excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add support for security
to our SQL grammar.

This message was sent by Atlassian JIRA

View raw message