[jira] [Comment Edited] (PHOENIX-672) Add GRANT and REVOKE commands using HBase AccessController

Tue, 19 Sep 2017 15:43:51 -0700 

    [ 
https://issues.apache.org/jira/browse/PHOENIX-672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16172409#comment-16172409
 ] 

Karan Mehta edited comment on PHOENIX-672 at 9/19/17 10:42 PM:
---------------------------------------------------------------

The following grammar will be used for {{GRANT}}

{code}GRANT 'userOrGroupName', 'permissionString' ON [TABLE | SCHEMA] 'param1', 
'param2', 'param3' {code}

To specify a group instead of a user the first parameter has to started with 
"@".
Permission String can contain characters {{RWXCA}} case insensitive.
If all the permissions are general for the user, then the second part is not 
needed else the following holds.

Token {{ON}} is required
For the next parameter, if nothing is specified, it defaults to table. For 
schema, we need to explicitly use the token {{SCHEMA}}.
For schema, it will be followed by a single parameter which is schema name
For table, it will be followed by Table name and param2/3 will be optional for 
Column Family and Column Qualifier

Examples
{code}
GRANT 'user0', 'RX'
GRANT  'user1', 'RWX' ON 'table1'
GRANT '@group2', 'RC' ON 'table2', 'cf1'
GRANT 'user3', 'R' ON SCHEMA 'schema1'
{code}

Similar goes for {{REVOKE}} as well
[~jamestaylor] [~apurtell] Please advice.
[~twdsi...@gmail.com] FYI.


was (Author: karanmehta93):
The following grammar will be used for {{GRANT}}

{code}GRANT 'userOrGroupName', 'permissionString' ON [TABLE | SCHEMA] 'param1', 
'param2', 'param3' {code}

To specify a group instead of a user the first parameter has to started with 
"@".
Permission String can contain characters {{RWXCA}} case insensitive.
Token {{ON}} is required
For the next parameter, if nothing is specified, it defaults to table. For 
schema, we need to explicitly use the token {{SCHEMA}}.
For schema, it will be followed by a single parameter which is schema name
For table, it will be followed by Table name and param2/3 will be optional for 
Column Family and Column Qualifier

Examples
{code}
GRANT  'user1', 'RWX' ON 'table1'
GRANT '@group2', 'RC' ON 'table2', 'cf1'
GRANT 'user3', 'R' ON SCHEMA 'schema1'
{code}

Similar goes for {{REVOKE}} as well
[~jamestaylor] [~apurtell] Please advice.
[~twdsi...@gmail.com] FYI.

> Add GRANT and REVOKE commands using HBase AccessController
> ----------------------------------------------------------
>
>                 Key: PHOENIX-672
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-672
>             Project: Phoenix
>          Issue Type: Task
>            Reporter: James Taylor
>            Assignee: Karan Mehta
>              Labels: gsoc2016, security
>
> In HBase 0.98, cell-level security will be available. Take a look at 
> [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security)
>  excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add 
> support for security to our SQL grammar.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to