[
https://issues.apache.org/jira/browse/PHOENIX-672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16172409#comment-16172409
]
Karan Mehta edited comment on PHOENIX-672 at 9/19/17 10:42 PM:
---------------------------------------------------------------
The following grammar will be used for {{GRANT}}
{code}GRANT 'userOrGroupName', 'permissionString' ON [TABLE | SCHEMA] 'param1',
'param2', 'param3' {code}
To specify a group instead of a user the first parameter has to started with
"@".
Permission String can contain characters {{RWXCA}} case insensitive.
If all the permissions are general for the user, then the second part is not
needed else the following holds.
Token {{ON}} is required
For the next parameter, if nothing is specified, it defaults to table. For
schema, we need to explicitly use the token {{SCHEMA}}.
For schema, it will be followed by a single parameter which is schema name
For table, it will be followed by Table name and param2/3 will be optional for
Column Family and Column Qualifier
Examples
{code}
GRANT 'user0', 'RX'
GRANT 'user1', 'RWX' ON 'table1'
GRANT '@group2', 'RC' ON 'table2', 'cf1'
GRANT 'user3', 'R' ON SCHEMA 'schema1'
{code}
Similar goes for {{REVOKE}} as well
[~jamestaylor] [~apurtell] Please advice.
[[email protected]] FYI.
was (Author: karanmehta93):
The following grammar will be used for {{GRANT}}
{code}GRANT 'userOrGroupName', 'permissionString' ON [TABLE | SCHEMA] 'param1',
'param2', 'param3' {code}
To specify a group instead of a user the first parameter has to started with
"@".
Permission String can contain characters {{RWXCA}} case insensitive.
Token {{ON}} is required
For the next parameter, if nothing is specified, it defaults to table. For
schema, we need to explicitly use the token {{SCHEMA}}.
For schema, it will be followed by a single parameter which is schema name
For table, it will be followed by Table name and param2/3 will be optional for
Column Family and Column Qualifier
Examples
{code}
GRANT 'user1', 'RWX' ON 'table1'
GRANT '@group2', 'RC' ON 'table2', 'cf1'
GRANT 'user3', 'R' ON SCHEMA 'schema1'
{code}
Similar goes for {{REVOKE}} as well
[~jamestaylor] [~apurtell] Please advice.
[[email protected]] FYI.
> Add GRANT and REVOKE commands using HBase AccessController
> ----------------------------------------------------------
>
> Key: PHOENIX-672
> URL: https://issues.apache.org/jira/browse/PHOENIX-672
> Project: Phoenix
> Issue Type: Task
> Reporter: James Taylor
> Assignee: Karan Mehta
> Labels: gsoc2016, security
>
> In HBase 0.98, cell-level security will be available. Take a look at
> [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security)
> excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add
> support for security to our SQL grammar.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
