You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by "Karan Mehta (JIRA)" <ji...@apache.org> on 2017/09/19 22:43:00 UTC
[jira] [Comment Edited] (PHOENIX-672) Add GRANT and REVOKE commands
using HBase AccessController
[ https://issues.apache.org/jira/browse/PHOENIX-672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16172409#comment-16172409 ]
Karan Mehta edited comment on PHOENIX-672 at 9/19/17 10:42 PM:
---------------------------------------------------------------
The following grammar will be used for {{GRANT}}
{code}GRANT 'userOrGroupName', 'permissionString' ON [TABLE | SCHEMA] 'param1', 'param2', 'param3' {code}
To specify a group instead of a user the first parameter has to started with "@".
Permission String can contain characters {{RWXCA}} case insensitive.
If all the permissions are general for the user, then the second part is not needed else the following holds.
Token {{ON}} is required
For the next parameter, if nothing is specified, it defaults to table. For schema, we need to explicitly use the token {{SCHEMA}}.
For schema, it will be followed by a single parameter which is schema name
For table, it will be followed by Table name and param2/3 will be optional for Column Family and Column Qualifier
Examples
{code}
GRANT 'user0', 'RX'
GRANT 'user1', 'RWX' ON 'table1'
GRANT '@group2', 'RC' ON 'table2', 'cf1'
GRANT 'user3', 'R' ON SCHEMA 'schema1'
{code}
Similar goes for {{REVOKE}} as well
[~jamestaylor] [~apurtell] Please advice.
[~twdsilva@gmail.com] FYI.
was (Author: karanmehta93):
The following grammar will be used for {{GRANT}}
{code}GRANT 'userOrGroupName', 'permissionString' ON [TABLE | SCHEMA] 'param1', 'param2', 'param3' {code}
To specify a group instead of a user the first parameter has to started with "@".
Permission String can contain characters {{RWXCA}} case insensitive.
Token {{ON}} is required
For the next parameter, if nothing is specified, it defaults to table. For schema, we need to explicitly use the token {{SCHEMA}}.
For schema, it will be followed by a single parameter which is schema name
For table, it will be followed by Table name and param2/3 will be optional for Column Family and Column Qualifier
Examples
{code}
GRANT 'user1', 'RWX' ON 'table1'
GRANT '@group2', 'RC' ON 'table2', 'cf1'
GRANT 'user3', 'R' ON SCHEMA 'schema1'
{code}
Similar goes for {{REVOKE}} as well
[~jamestaylor] [~apurtell] Please advice.
[~twdsilva@gmail.com] FYI.
> Add GRANT and REVOKE commands using HBase AccessController
> ----------------------------------------------------------
>
> Key: PHOENIX-672
> URL: https://issues.apache.org/jira/browse/PHOENIX-672
> Project: Phoenix
> Issue Type: Task
> Reporter: James Taylor
> Assignee: Karan Mehta
> Labels: gsoc2016, security
>
> In HBase 0.98, cell-level security will be available. Take a look at [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security) excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add support for security to our SQL grammar.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)