[jira] [Commented] (PHOENIX-672) Add GRANT and REVOKE commands using HBase AccessController

Wed, 22 Nov 2017 10:44:00 -0800 

    [ 
https://issues.apache.org/jira/browse/PHOENIX-672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16263117#comment-16263117
 ] 

ASF GitHub Bot commented on PHOENIX-672:
----------------------------------------

Github user karanmehta93 commented on a diff in the pull request:

    https://github.com/apache/phoenix/pull/283#discussion_r152649147
  
    --- Diff: 
phoenix-core/src/test/java/org/apache/phoenix/parse/QueryParserTest.java ---
    @@ -66,6 +68,46 @@ private void parseQueryThatShouldFail(String sql) throws 
Exception {
             }
         }
     
    +    @Test
    +    public void testParseGrantQuery() throws Exception {
    +
    +        String sql0 = "GRANT 'RX' ON SYSTEM.\"SEQUENCE\" TO 'user'";
    +        parseQuery(sql0);
    +        String sql1 = "GRANT 'RWXCA' ON TABLE some_table0 TO 'user0'";
    +        parseQuery(sql1);
    +        String sql2 = "GRANT 'RWX' ON some_table1 TO 'user1'";
    +        parseQuery(sql2);
    +        String sql3 = "GRANT 'CA' ON SCHEMA some_schema2 TO 'user2'";
    +        parseQuery(sql3);
    +        String sql4 = "GRANT 'RXW' ON some_table3 TO GROUP 'group3'";
    +        parseQuery(sql4);
    +        String sql5 = "GRANT 'RXW' ON \"some_schema5\".\"some_table5\" TO 
GROUP 'group5'";
    +        parseQuery(sql5);
    +        String sql6 = "GRANT 'RWA' TO 'user6'";
    +        parseQuery(sql6);
    +        String sql7 = "GRANT 'A' TO GROUP 'group7'";
    +        parseQuery(sql7);
    --- End diff --
    
    HBase API logs a message and ignores it if any other character is found 
apart from 'RWXCA'. If same character is passed again, it will put up the same 
string in the hbase:acl table.
    
     An example of this is
    `GRANT 'RXXRRRRCAAAA' to 'user11'`
    results in
    ` hbase:acl   column=l:user11, timestamp=1511376020328, value=RXXRRRRCAAAA` 
                                                                                
                
    
     A simple check should be to limit the size of string to 5 characters. Does 
that seem fine?


> Add GRANT and REVOKE commands using HBase AccessController
> ----------------------------------------------------------
>
>                 Key: PHOENIX-672
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-672
>             Project: Phoenix
>          Issue Type: Task
>            Reporter: James Taylor
>            Assignee: Karan Mehta
>              Labels: namespaces, security
>             Fix For: 4.14.0
>
>         Attachments: PHOENIX-672.001.patch
>
>
> In HBase 0.98, cell-level security will be available. Take a look at 
> [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security)
>  excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add 
> support for security to our SQL grammar.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to