You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@phoenix.apache.org by lk_phoenix <lk...@163.com> on 2016/12/05 06:52:47 UTC

how to security phoenix

hi,all:
    I want to know how to add access contorl to the table I create by phoenix .
    I need to add the privilege through hbase?
2016-12-05


lk_phoenix

Re: how to security phoenix

Posted by Josh Elser <jo...@gmail.com>.

The only strong authentication for HBase is via Kerberos. The user name 
is handled by the transport in this case.

"SIMPLE" HBase RPC authentication is not secure and doesn't go farther 
than "please don't impersonate others". I'm not positive, but I think 
your operation system user would be used. Because this is not secure, 
it's not wired up to the JDBC user/password properties.

If you wrap invocations of the JDBC driver in a 
UserGroupInformation.doAs(..) call, this might work (but again, not 
tested because it's not actually secure).

The 'C' in your grant statement is for "CREATE" not "connect". You are 
conflating authentication and authorization. Please do some research if 
the difference between the two is not clear.

lk_phoenix wrote:
> if I use phoenix JDBC driver \uff0chow to pass user name to hbase?
> for example :
> hbase(main):012:0> grant 'user01', 'CR'
> so,user01 can connect and read tables by JDBC driver,
> but my client pc only have one user named : 201
> 2016-12-06
> ------------------------------------------------------------------------
> lk_phoenix
> ------------------------------------------------------------------------
>
>     *\u53d1\u4ef6\u4eba\uff1a*Josh Elser <jo...@gmail.com>
>     *\u53d1\u9001\u65f6\u95f4\uff1a*2016-12-05 23:41
>     *\u4e3b\u9898\uff1a*Re: how to security phoenix
>     *\u6536\u4ef6\u4eba\uff1a*"user"<us...@phoenix.apache.org>
>     *\u6284\u9001\uff1a*
>     Yes, use the HBase-provided access control mechanisms.
>     lk_phoenix wrote:
>      > hi,all:
>      > I want to know how to add access contorl to the table I create by
>     phoenix .
>      > I need to add the privilege through hbase?
>      > 2016-12-05
>      >
>     ------------------------------------------------------------------------
>
>      > lk_phoenix

Re: Re: how to security phoenix

Posted by lk_phoenix <lk...@163.com>.

if I use phoenix JDBC driver ，how to pass user name to hbase?

for example : 
hbase(main):012:0> grant 'user01', 'CR'   
so,user01 can connect and read tables by JDBC driver,
but my client pc only have one user named : 201 

2016-12-06 

lk_phoenix 



发件人：Josh Elser <jo...@gmail.com>
发送时间：2016-12-05 23:41
主题：Re: how to security phoenix
收件人："user"<us...@phoenix.apache.org>
抄送：

Yes, use the HBase-provided access control mechanisms. 

lk_phoenix wrote: 
> hi,all: 
> I want to know how to add access contorl to the table I create by phoenix . 
> I need to add the privilege through hbase? 
> 2016-12-05 
> ------------------------------------------------------------------------ 
> lk_phoenix

Re: how to security phoenix

Posted by Josh Elser <jo...@gmail.com>.

Yes, use the HBase-provided access control mechanisms.

lk_phoenix wrote:
> hi,all:
> I want to know how to add access contorl to the table I create by phoenix .
> I need to add the privilege through hbase?
> 2016-12-05
> ------------------------------------------------------------------------
> lk_phoenix