[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

Fri, 10 Aug 2018 10:17:06 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16576583#comment-16576583
 ] 

Velmurugan Periasamy edited comment on RANGER-1958 at 8/10/18 5:16 PM:
-----------------------------------------------------------------------

[~an...@apache.org] - could you please take a look at the comments on 
[https://reviews.apache.org/r/65950/] and update the patch? CC 
[~rmani]/[~abhayk] 

-Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might 
be leveraged for this work.- Upon reading this further, this might not be 
relevant, but worth taking a look. 


was (Author: vperiasamy):
[~an...@apache.org] - could you please take a look at the comments on 
[https://reviews.apache.org/r/65950/] and update the patch? CC 
[~rmani]/[~abhayk] 

Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might 
be leveraged for this work.

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-1958
>                 URL: https://issues.apache.org/jira/browse/RANGER-1958
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Ankit Singhal
>            Assignee: Ankit Singhal
>            Priority: Major
>         Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>       public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback<AccessControlProtos.GetUserPermissionsResponse> done) {
>               LOG.debug("getUserPermissions(): ");
>       }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to