You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by "Karan Mehta (JIRA)" <ji...@apache.org> on 2017/09/19 22:43:00 UTC

[jira] [Comment Edited] (PHOENIX-672) Add GRANT and REVOKE commands using HBase AccessController

    [ https://issues.apache.org/jira/browse/PHOENIX-672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16172409#comment-16172409 ] 

Karan Mehta edited comment on PHOENIX-672 at 9/19/17 10:42 PM:
---------------------------------------------------------------

The following grammar will be used for {{GRANT}}

{code}GRANT 'userOrGroupName', 'permissionString' ON [TABLE | SCHEMA] 'param1', 'param2', 'param3' {code}

To specify a group instead of a user the first parameter has to started with "@".
Permission String can contain characters {{RWXCA}} case insensitive.
If all the permissions are general for the user, then the second part is not needed else the following holds.

Token {{ON}} is required
For the next parameter, if nothing is specified, it defaults to table. For schema, we need to explicitly use the token {{SCHEMA}}.
For schema, it will be followed by a single parameter which is schema name
For table, it will be followed by Table name and param2/3 will be optional for Column Family and Column Qualifier

Examples
{code}
GRANT 'user0', 'RX'
GRANT  'user1', 'RWX' ON 'table1'
GRANT '@group2', 'RC' ON 'table2', 'cf1'
GRANT 'user3', 'R' ON SCHEMA 'schema1'
{code}

Similar goes for {{REVOKE}} as well
[~jamestaylor] [~apurtell] Please advice.
[~twdsilva@gmail.com] FYI.


was (Author: karanmehta93):
The following grammar will be used for {{GRANT}}

{code}GRANT 'userOrGroupName', 'permissionString' ON [TABLE | SCHEMA] 'param1', 'param2', 'param3' {code}

To specify a group instead of a user the first parameter has to started with "@".
Permission String can contain characters {{RWXCA}} case insensitive.
Token {{ON}} is required
For the next parameter, if nothing is specified, it defaults to table. For schema, we need to explicitly use the token {{SCHEMA}}.
For schema, it will be followed by a single parameter which is schema name
For table, it will be followed by Table name and param2/3 will be optional for Column Family and Column Qualifier

Examples
{code}
GRANT  'user1', 'RWX' ON 'table1'
GRANT '@group2', 'RC' ON 'table2', 'cf1'
GRANT 'user3', 'R' ON SCHEMA 'schema1'
{code}

Similar goes for {{REVOKE}} as well
[~jamestaylor] [~apurtell] Please advice.
[~twdsilva@gmail.com] FYI.

> Add GRANT and REVOKE commands using HBase AccessController
> ----------------------------------------------------------
>
>                 Key: PHOENIX-672
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-672
>             Project: Phoenix
>          Issue Type: Task
>            Reporter: James Taylor
>            Assignee: Karan Mehta
>              Labels: gsoc2016, security
>
> In HBase 0.98, cell-level security will be available. Take a look at [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security) excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add support for security to our SQL grammar.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)