ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Velmurugan Periasamy (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
Date Fri, 10 Aug 2018 17:12:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16576583#comment-16576583
] 

Velmurugan Periasamy edited comment on RANGER-1958 at 8/10/18 5:11 PM:
-----------------------------------------------------------------------

[~ankit@apache.org] - could you please take a look at the comments on [https://reviews.apache.org/r/65950/] and
update the patch? CC [~rmani]/[~abhayk] 

Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might be leveraged
for this work.


was (Author: vperiasamy):
[~ankit@apache.org] - could you please take a look at the comments on [https://reviews.apache.org/r/65950/] and
update the patch? CC [~rmani]/[~abhayk] 

 

Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might be leveraged
for this work.

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients
to access HBase permissions stored in Ranger
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-1958
>                 URL: https://issues.apache.org/jira/browse/RANGER-1958
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Ankit Singhal
>            Assignee: Ankit Singhal
>            Priority: Major
>         Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. Currently, the
implementation relies on some of the APIs provided by AccessControlService.Interface to get
the user permission of the table but we see that the API "AccessControlService.Interface#getUserPermissions"
 is not yet implemented in Ranger authorization module for HBase and thus, we are unable to
access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> 	public void getUserPermissions(RpcController controller, AccessControlProtos.GetUserPermissionsRequest
request, RpcCallback<AccessControlProtos.GetUserPermissionsResponse> done) {
> 		LOG.debug("getUserPermissions(): ");
> 	}
> {code}
> If we just implement this API, we can leverage the current HBase Ranger plugin for Phoenix
too.
> Although the long-term solution for Ranger could be to implement the coprocessor hooks
for Phoenix as how it has been done for HBase so that we can also authorize new entities like
VIEW, SEQUENCES, FUNCTIONs  (which can not be supported with native HBase ACLs) along with
Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message