[ https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16576606#comment-16576606 ]
Velmurugan Periasamy commented on RANGER-1958: ---------------------------------------------- >> Although the long-term solution for Ranger could be to implement the >>coprocessor hooks for Phoenix as how it has been done for HBase so that we >>can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can >>not be supported with native HBase ACLs) along with Table and Schema. [~an...@apache.org] - could you file a Jira for the above? Thanks. > [HBase] Implement getUserPermissions API of AccessControlService.Interface to > allow clients to access HBase permissions stored in Ranger > ---------------------------------------------------------------------------------------------------------------------------------------- > > Key: RANGER-1958 > URL: https://issues.apache.org/jira/browse/RANGER-1958 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Ankit Singhal > Assignee: Ankit Singhal > Priority: Major > Attachments: RANGER-1958.patch > > > We have added the support of ACLs in Phoenix as part of PHOENIX-4198. > Currently, the implementation relies on some of the APIs provided by > AccessControlService.Interface to get the user permission of the table but we > see that the API "AccessControlService.Interface#getUserPermissions" is not > yet implemented in Ranger authorization module for HBase and thus, we are > unable to access permissions stored for HBase Table in Phoenix. > In class RangerAuthorizationCoprocessor > {code} > @Override > public void getUserPermissions(RpcController controller, > AccessControlProtos.GetUserPermissionsRequest request, > RpcCallback<AccessControlProtos.GetUserPermissionsResponse> done) { > LOG.debug("getUserPermissions(): "); > } > {code} > If we just implement this API, we can leverage the current HBase Ranger > plugin for Phoenix too. > Although the long-term solution for Ranger could be to implement the > coprocessor hooks for Phoenix as how it has been done for HBase so that we > can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can > not be supported with native HBase ACLs) along with Table and Schema. > Let me know your thoughts, I can try to put up a patch soon. -- This message was sent by Atlassian JIRA (v7.6.3#76005)