[ https://issues.apache.org/jira/browse/PHOENIX-672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16263104#comment-16263104 ]
ASF GitHub Bot commented on PHOENIX-672: ---------------------------------------- Github user ankitsinghal commented on a diff in the pull request: https://github.com/apache/phoenix/pull/283#discussion_r152648189 --- Diff: phoenix-core/src/main/java/org/apache/phoenix/coprocessor/PhoenixAccessController.java --- @@ -229,17 +227,12 @@ public void handleRequireAccessOnDependentTable(String request, String userName, + dependentTable); return; } - if (isAutomaticGrantEnabled) { --- End diff -- @karanmehta93 Strict mode:- It will check permissions for dependent tables as well. For eg, If a user who has all access on data table is creating an index, then we need to ensure that all others users of data table can also access a new index table. AutomaticGrant:- It will automatically grant required permissions to dependent table users. @twdsilva , what about the case when a new index is been created? Purpose of the automatic grant:- let's say there are three users A and B have READ permission on the data-table and user C has RWC permission on data-table. so if user B creates an index, then we need to ensure that user A and C should also be able to read the index and C should be able to write to this Index and can drop the index also. so we will give only the required permission to the users of data-table on the index table. So, Access should propagate like this. user | access data table | access on index table | with Automatic grant(access on index table will change like this) | comments -- | -- | -- | -- | -- A | RAX | no access | RX | RX will be given on index table B | RX | RWXC | RWXC | no grant will happen C | RWXAC | no access | RWCX | read ,write and create will be given so that it can read/write to index table and drop as well. > Add GRANT and REVOKE commands using HBase AccessController > ---------------------------------------------------------- > > Key: PHOENIX-672 > URL: https://issues.apache.org/jira/browse/PHOENIX-672 > Project: Phoenix > Issue Type: Task > Reporter: James Taylor > Assignee: Karan Mehta > Labels: namespaces, security > Fix For: 4.14.0 > > Attachments: PHOENIX-672.001.patch > > > In HBase 0.98, cell-level security will be available. Take a look at > [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security) > excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add > support for security to our SQL grammar. -- This message was sent by Atlassian JIRA (v6.4.14#64029)