[jira] [Resolved] (PHOENIX-487) Tenant data isolation for DML and SELECT.

Sun, 16 Mar 2014 00:34:37 -0700 

     [ 
https://issues.apache.org/jira/browse/PHOENIX-487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gabriel Reid resolved PHOENIX-487.
----------------------------------

    Resolution: Fixed

Bulk resolve of closed issues imported from GitHub. This status was reached by 
first re-opening all closed imported issues and then resolving them in bulk.

> Tenant data isolation for DML and SELECT.
> -----------------------------------------
>
>                 Key: PHOENIX-487
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-487
>             Project: Phoenix
>          Issue Type: Task
>    Affects Versions: 3.0-Release
>            Reporter: elevine
>            Assignee: elevine
>
> In multi-tenant environments it would be nice to have Phoenix enforce that a 
> tenant-specific operation only has access to tenant-specific data.
> Schemas designed for multi-tenant environments are likely to have common 
> schemes for how tenant-specific data is stored.  One option is to have each 
> row key start with tenant id.  Another possibility is to have tenant id be 
> incorporated into a table's schema or table name.
> Phoenix could implement automatic query rewriting in multi-tenant 
> environments.  Phoenix already supports <a 
> href="https://github.com/forcedotcom/phoenix/blob/master/src/main/java/com/salesforce/phoenix/util/JDBCUtil.java_L85";>TenantId</a>
>  connection property.  If this property is set on a connection, the 
> connection can be assumed to be tenant-specific and force Phoenix to rewrite 
> DML to enforce the tenant only operates on their own data.
> Example of a multi-tenant User table DDL (prefixes each row key with 
> tenant_id):
> ```sql
> CREATE TABLE user (tenant_id INTEGER, user_id INTEGER, name VARCHAR
>                                       CONSTRAINT pk PRIMARY KEY (tenant_id, 
> user_id))
> ```
> Client flow:
> 1. Client opens a Phoenix connection and sets "TenantId" to be 123
> 2. Client issues "select name from user where user_id = '456'"
> When Phoenix receives the query, it would check to see if tenant is specified 
> on the connection.  If specified, the query would be rewritten to be "select 
> name from user where tenant_id = 123 and user_id = '456'." 
> Such rewrites could also apply to DDL, which is somewhat along the lines of 
> what Ian is proposing in issue -296.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to