[ https://issues.apache.org/jira/browse/PHOENIX-672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16267215#comment-16267215 ]
ASF GitHub Bot commented on PHOENIX-672: ---------------------------------------- Github user karanmehta93 commented on a diff in the pull request: https://github.com/apache/phoenix/pull/283#discussion_r153283989 --- Diff: phoenix-core/src/main/java/org/apache/phoenix/schema/MetaDataClient.java --- @@ -4168,4 +4176,197 @@ public MutationState useSchema(UseSchemaStatement useSchemaStatement) throws SQL } return new MutationState(0, 0, connection); } + + public MutationState grantPermission(GrantStatement grantStatement) throws SQLException { + + StringBuffer grantPermLog = new StringBuffer(); + grantPermLog.append("Grant Permissions requested for user/group: " + grantStatement.getName()); + if (grantStatement.getSchemaName() != null) { + grantPermLog.append(" for Schema: " + grantStatement.getSchemaName()); + } else if (grantStatement.getTableName() != null) { + grantPermLog.append(" for Table: " + grantStatement.getTableName()); + } + grantPermLog.append(" Permissions: " + Arrays.toString(grantStatement.getPermsList())); + logger.info(grantPermLog.toString()); + + HConnection hConnection = connection.getQueryServices().getAdmin().getConnection(); + + try { + if (grantStatement.getSchemaName() != null) { + // SYSTEM.CATALOG doesn't have any entry for "default" HBase namespace, hence we will bypass the check + if(!grantStatement.getSchemaName().equals(QueryConstants.HBASE_DEFAULT_SCHEMA_NAME)) { + FromCompiler.getResolverForSchema(grantStatement.getSchemaName(), connection); + } + grantPermissionsToSchema(hConnection, grantStatement); + + } else if (grantStatement.getTableName() != null) { + PTable inputTable = PhoenixRuntime.getTable(connection, + SchemaUtil.normalizeFullTableName(grantStatement.getTableName().toString())); + if (!(PTableType.TABLE.equals(inputTable.getType()) || PTableType.SYSTEM.equals(inputTable.getType()))) { + throw new AccessDeniedException("Cannot GRANT permissions on INDEX TABLES or VIEWS"); + } + grantPermissionsToTables(hConnection, grantStatement, inputTable); + + } else { + grantPermissionsToUser(hConnection, grantStatement); --- End diff -- @ankitsinghal I will file a JIRA for SHOW GRANTS and work on it. As of now, the code will log an error message for all the tables whose permission assignment has failed. Does that seem a good way of exception handling? > Add GRANT and REVOKE commands using HBase AccessController > ---------------------------------------------------------- > > Key: PHOENIX-672 > URL: https://issues.apache.org/jira/browse/PHOENIX-672 > Project: Phoenix > Issue Type: Task > Reporter: James Taylor > Assignee: Karan Mehta > Labels: namespaces, security > Fix For: 4.14.0 > > Attachments: PHOENIX-672.001.patch > > > In HBase 0.98, cell-level security will be available. Take a look at > [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security) > excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add > support for security to our SQL grammar. -- This message was sent by Atlassian JIRA (v6.4.14#64029)