[
https://issues.apache.org/jira/browse/PHOENIX-672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16267215#comment-16267215
]
ASF GitHub Bot commented on PHOENIX-672:
----------------------------------------
Github user karanmehta93 commented on a diff in the pull request:
https://github.com/apache/phoenix/pull/283#discussion_r153283989
--- Diff:
phoenix-core/src/main/java/org/apache/phoenix/schema/MetaDataClient.java ---
@@ -4168,4 +4176,197 @@ public MutationState useSchema(UseSchemaStatement
useSchemaStatement) throws SQL
}
return new MutationState(0, 0, connection);
}
+
+ public MutationState grantPermission(GrantStatement grantStatement)
throws SQLException {
+
+ StringBuffer grantPermLog = new StringBuffer();
+ grantPermLog.append("Grant Permissions requested for user/group: "
+ grantStatement.getName());
+ if (grantStatement.getSchemaName() != null) {
+ grantPermLog.append(" for Schema: " +
grantStatement.getSchemaName());
+ } else if (grantStatement.getTableName() != null) {
+ grantPermLog.append(" for Table: " +
grantStatement.getTableName());
+ }
+ grantPermLog.append(" Permissions: " +
Arrays.toString(grantStatement.getPermsList()));
+ logger.info(grantPermLog.toString());
+
+ HConnection hConnection =
connection.getQueryServices().getAdmin().getConnection();
+
+ try {
+ if (grantStatement.getSchemaName() != null) {
+ // SYSTEM.CATALOG doesn't have any entry for "default"
HBase namespace, hence we will bypass the check
+
if(!grantStatement.getSchemaName().equals(QueryConstants.HBASE_DEFAULT_SCHEMA_NAME))
{
+
FromCompiler.getResolverForSchema(grantStatement.getSchemaName(), connection);
+ }
+ grantPermissionsToSchema(hConnection, grantStatement);
+
+ } else if (grantStatement.getTableName() != null) {
+ PTable inputTable = PhoenixRuntime.getTable(connection,
+
SchemaUtil.normalizeFullTableName(grantStatement.getTableName().toString()));
+ if (!(PTableType.TABLE.equals(inputTable.getType()) ||
PTableType.SYSTEM.equals(inputTable.getType()))) {
+ throw new AccessDeniedException("Cannot GRANT
permissions on INDEX TABLES or VIEWS");
+ }
+ grantPermissionsToTables(hConnection, grantStatement,
inputTable);
+
+ } else {
+ grantPermissionsToUser(hConnection, grantStatement);
--- End diff --
@ankitsinghal
I will file a JIRA for SHOW GRANTS and work on it. As of now, the code will
log an error message for all the tables whose permission assignment has failed.
Does that seem a good way of exception handling?
> Add GRANT and REVOKE commands using HBase AccessController
> ----------------------------------------------------------
>
> Key: PHOENIX-672
> URL: https://issues.apache.org/jira/browse/PHOENIX-672
> Project: Phoenix
> Issue Type: Task
> Reporter: James Taylor
> Assignee: Karan Mehta
> Labels: namespaces, security
> Fix For: 4.14.0
>
> Attachments: PHOENIX-672.001.patch
>
>
> In HBase 0.98, cell-level security will be available. Take a look at
> [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security)
> excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add
> support for security to our SQL grammar.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
