[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ankit Singhal updated RANGER-1958:
----------------------------------
Attachment: RANGER-1958.patch
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
> ----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Ankit Singhal
> Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback<AccessControlProtos.GetUserPermissionsResponse> done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
