Date: Mon, 5 Mar 2018 09:58:00 +0000 (UTC)
From: "Ankit Singhal (JIRA)"
To: dev@ranger.apache.org
Subject: [jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

    [ https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16385874#comment-16385874 ]

Ankit Singhal commented on RANGER-1958:
---------------------------------------

[~rmani], can you please review the attached patch.

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-1958
>                 URL: https://issues.apache.org/jira/browse/RANGER-1958
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Ankit Singhal
>            Priority: Major
>         Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. Currently, the implementation relies on some of the APIs provided by AccessControlService.Interface to get the user permission of the table but we see that the API "AccessControlService.Interface#getUserPermissions" is not yet implemented in Ranger authorization module for HBase and thus, we are unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller, AccessControlProtos.GetUserPermissionsRequest request, RpcCallback done) {
>     LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the coprocessor hooks for Phoenix as how it has been done for HBase so that we can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.