Velmurugan Periasamy reassigned RANGER-1958:

    Assignee: Ankit Singhal  (was: Ankita Sinha)

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> ----------------------------------------------------------------------------------------------------------------------------------------
>                 Key: RANGER-1958
>                 URL: https://issues.apache.org/jira/browse/RANGER-1958
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Ankit Singhal
>            Assignee: Ankit Singhal
>            Priority: Major
>         Attachments: RANGER-1958.patch
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>       public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback<AccessControlProtos.GetUserPermissionsResponse> done) {
>               LOG.debug("getUserPermissions(): ");
>       }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.

This message was sent by Atlassian JIRA

Reply via email to