[ https://issues.apache.org/jira/browse/PHOENIX-672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16263061#comment-16263061 ]

ASF GitHub Bot commented on PHOENIX-672:
----------------------------------------

Github user karanmehta93 commented on a diff in the pull request:

    https://github.com/apache/phoenix/pull/283#discussion_r152644103
  
    --- Diff: 
phoenix-core/src/main/java/org/apache/phoenix/schema/MetaDataClient.java ---
    @@ -4168,4 +4176,197 @@ public MutationState useSchema(UseSchemaStatement 
useSchemaStatement) throws SQL
             }
             return new MutationState(0, 0, connection);
         }
    +
    +    public MutationState grantPermission(GrantStatement grantStatement) 
throws SQLException {
    +
    +        StringBuffer grantPermLog = new StringBuffer();
    +        grantPermLog.append("Grant Permissions requested for user/group: " 
+ grantStatement.getName());
    +        if (grantStatement.getSchemaName() != null) {
    +            grantPermLog.append(" for Schema: " + 
grantStatement.getSchemaName());
    +        } else if (grantStatement.getTableName() != null) {
    +            grantPermLog.append(" for Table: " + 
grantStatement.getTableName());
    +        }
    +        grantPermLog.append(" Permissions: " + 
Arrays.toString(grantStatement.getPermsList()));
    +        logger.info(grantPermLog.toString());
    +
    +        HConnection hConnection = 
connection.getQueryServices().getAdmin().getConnection();
    +
    +        try {
    +            if (grantStatement.getSchemaName() != null) {
    +                // SYSTEM.CATALOG doesn't have any entry for "default" 
HBase namespace, hence we will bypass the check
    +                
if(!grantStatement.getSchemaName().equals(QueryConstants.HBASE_DEFAULT_SCHEMA_NAME))
 {
    +                    
FromCompiler.getResolverForSchema(grantStatement.getSchemaName(), connection);
    +                }
    +                grantPermissionsToSchema(hConnection, grantStatement);
    +
    +            } else if (grantStatement.getTableName() != null) {
    +                PTable inputTable = PhoenixRuntime.getTable(connection,
    +                        
SchemaUtil.normalizeFullTableName(grantStatement.getTableName().toString()));
    +                if (!(PTableType.TABLE.equals(inputTable.getType()) || 
PTableType.SYSTEM.equals(inputTable.getType()))) {
    +                    throw new AccessDeniedException("Cannot GRANT 
permissions on INDEX TABLES or VIEWS");
    +                }
    +                grantPermissionsToTables(hConnection, grantStatement, 
inputTable);
    +
    +            } else {
    +                grantPermissionsToUser(hConnection, grantStatement);
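
Review bot: In the table branch, the type check throws AccessDeniedException with the message "Cannot GRANT permissions on INDEX TABLES or VIEWS", which reports an unsupported target as an authorization failure. Whoever handles the exception or reads the resulting error cannot tell a real denial from a GRANT aimed at an index or view; since the method already declares throws SQLException, a SQLException with a specific message or error code for the unsupported table type would keep the two cases apart. Two smaller points in the logging at the top of the method: grantStatement.getName(), getSchemaName() and getTableName() are appended to the logger.info line as they arrive in the statement, so quote or escape them if these values can carry control characters, and grantPermLog is a method-local StringBuffer where a StringBuilder is sufficient.
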
    --- End diff --
    
    Yes, I have been working on it. Will commit it here soon. Current approach 
is to log an error message for all the tables whose permission assignment has 
failed. Does that seem fine?


> Add GRANT and REVOKE commands using HBase AccessController
> ----------------------------------------------------------
>
>                 Key: PHOENIX-672
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-672
>             Project: Phoenix
>          Issue Type: Task
>            Reporter: James Taylor
>            Assignee: Karan Mehta
>              Labels: namespaces, security
>             Fix For: 4.14.0
>
>         Attachments: PHOENIX-672.001.patch
>
>
> In HBase 0.98, cell-level security will be available. Take a look at
> [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security)
> excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add
> support for security to our SQL grammar.


