You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2016/04/13 00:51:25 UTC
[jira] [Comment Edited] (HBASE-11095) Add ip restriction in user
permissions
[ https://issues.apache.org/jira/browse/HBASE-11095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15238162#comment-15238162 ]
Andrew Purtell edited comment on HBASE-11095 at 4/12/16 10:51 PM:
------------------------------------------------------------------
What if we want to grant or revoke to/from a user without care about IP addresses? That's the current capability and the most common use.
Are these changes backwards compatible? Do they depend on the map type allowing 'null' keys?
What about actions that are checked outside of request context? They won't have an RPC context to get an IP address from.
was (Author: apurtell):
What if we want to grant or revoke to/from a user without care about IP addresses? That's the current capability and the most common use.
> Add ip restriction in user permissions
> --------------------------------------
>
> Key: HBASE-11095
> URL: https://issues.apache.org/jira/browse/HBASE-11095
> Project: HBase
> Issue Type: New Feature
> Components: security
> Reporter: Liu Shaohui
> Assignee: Liu Shaohui
> Priority: Minor
> Attachments: HBASE-11095.patch
>
>
> For some sensitive data, users want to restrict the from ips of hbase users like mysql access control.
> One direct solution is to add the candidated ips when granting user permisions.
> {quote}
> grant <user|@group\[@ip-regular expression\]> [ <table> [ <column family> [ <column qualifier> ] ] ]
> {quote}
> Any comments and suggestions are welcomed.
> [~apurtell]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)