[ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16586453#comment-16586453
 ] 

Ankit Singhal commented on RANGER-1958:
---------------------------------------

bq. Although the long-term solution for Ranger could be to implement the 
coprocessor hooks for Phoenix as how it has been done for HBase so that we can 
also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can not be 
supported with native HBase ACLs) along with Table and Schema.
bq. Ankit Singhal - could you file a Jira for the above? Thanks. 
yes [~vperiasamy], just created RANGER-2194 for the same.

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-1958
>                 URL: https://issues.apache.org/jira/browse/RANGER-1958
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Ankit Singhal
>            Assignee: Ankit Singhal
>            Priority: Major
>         Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>       public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback<AccessControlProtos.GetUserPermissionsResponse> done) {
>               LOG.debug("getUserPermissions(): ");
>       }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to