You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "chenxu (JIRA)" <ji...@apache.org> on 2016/04/12 10:42:25 UTC

[jira] [Updated] (HBASE-11095) Add ip restriction in user permissions

     [ https://issues.apache.org/jira/browse/HBASE-11095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

chenxu updated HBASE-11095:
---------------------------
    Attachment: HBASE-11095.patch

I upload a patch that can be used as a transient implementation, the primary change is the key of the *PermissionCache*, that changed from *user* to *user@IP*.
so the grant statement should execute like this:
bq. grant 'zhangsan@192.168.10.11','R','test'
means that the user zhangsan can only read the 'test' table at 192.168.10.11

> Add ip restriction in user permissions
> --------------------------------------
>
>                 Key: HBASE-11095
>                 URL: https://issues.apache.org/jira/browse/HBASE-11095
>             Project: HBase
>          Issue Type: New Feature
>          Components: security
>            Reporter: Liu Shaohui
>            Assignee: Liu Shaohui
>            Priority: Minor
>         Attachments: HBASE-11095.patch
>
>
> For some sensitive data, users want to restrict the from ips of hbase users like mysql access control. 
> One direct solution is to add the candidated ips when granting user permisions.
> {quote}
> grant <user|@group\[@ip-regular expression\]> [ <table> [ <column family> [ <column qualifier> ] ] ]
> {quote}
> Any comments and suggestions are welcomed.
> [~apurtell]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)