[jira] [Updated] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

Thu, 20 Sep 2018 11:12:51 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ankit Singhal updated RANGER-1958:
----------------------------------
    Attachment: 0001-RANGER-1958-HBase-Implement-getUserPermissions-API-o.patch

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-1958
>                 URL: https://issues.apache.org/jira/browse/RANGER-1958
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Ankit Singhal
>            Assignee: Ankit Singhal
>            Priority: Major
>         Attachments: 
> 0001-RANGER-1958-HBase-Implement-getUserPermissions-API-o.patch, 
> RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>       public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback<AccessControlProtos.GetUserPermissionsResponse> done) {
>               LOG.debug("getUserPermissions(): ");
>       }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to