[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16629493#comment-16629493
]
Ankit Singhal edited comment on RANGER-1958 at 9/26/18 10:43 PM:
-
{quote}could you please upload to review board? Or update
[https://reviews.apache.org/r/65950/] with latest patch?
{quote}
[~vperiasamy], done, uploaded the latest patch on review board as well, but I
thought [~rmani] requested the patch on ticket to sign off (as per
[comment|https://issues.apache.org/jira/browse/RANGER-1958?focusedCommentId=16609883=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16609883])
was (Author: an...@apache.org):
{quote}could you please upload to review board? Or update
[https://reviews.apache.org/r/65950/] with latest patch?
{quote}
[~vperiasamy], done, uploaded the latest patch on review board as well, but I
thought [~rmani] requested the patch on ticket to sign off (as per comment)
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments:
> 0001-RANGER-1958-HBase-Implement-getUserPermissions-API-o.patch,
> RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16629493#comment-16629493
]
Ankit Singhal edited comment on RANGER-1958 at 9/26/18 10:43 PM:
-
{quote}could you please upload to review board? Or update
[https://reviews.apache.org/r/65950/] with latest patch?
{quote}
[~vperiasamy], done, uploaded the latest patch on review board as well, but I
thought [~rmani] requested the patch on ticket to sign off (as per comment)
was (Author: an...@apache.org):
{quote}could you please upload to review board? Or update
[https://reviews.apache.org/r/65950/] with latest patch?
{quote}
[~vperiasamy], done, uploaded the latest patch on review board as well, but I
thought [~rmani] requested the patch on ticket to sign off (as per comment)
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments:
> 0001-RANGER-1958-HBase-Implement-getUserPermissions-API-o.patch,
> RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576606#comment-16576606
]
Velmurugan Periasamy edited comment on RANGER-1958 at 8/10/18 5:20 PM:
---
??Although the long-term solution for Ranger could be to implement the
coprocessor hooks for Phoenix as how it has been done for HBase so that we can
also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can not be
supported with native HBase ACLs) along with Table and Schema.??
[~an...@apache.org] - could you file a Jira for the above? Thanks.
was (Author: vperiasamy):
>> Although the long-term solution for Ranger could be to implement the
>>coprocessor hooks for Phoenix as how it has been done for HBase so that we
>>can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
>>not be supported with native HBase ACLs) along with Table and Schema.
[~an...@apache.org] - could you file a Jira for the above? Thanks.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576583#comment-16576583
]
Velmurugan Periasamy edited comment on RANGER-1958 at 8/10/18 5:16 PM:
---
[~an...@apache.org] - could you please take a look at the comments on
[https://reviews.apache.org/r/65950/] and update the patch? CC
[~rmani]/[~abhayk]
-Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might
be leveraged for this work.- Upon reading this further, this might not be
relevant, but worth taking a look.
was (Author: vperiasamy):
[~an...@apache.org] - could you please take a look at the comments on
[https://reviews.apache.org/r/65950/] and update the patch? CC
[~rmani]/[~abhayk]
Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might
be leveraged for this work.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576583#comment-16576583
]
Velmurugan Periasamy edited comment on RANGER-1958 at 8/10/18 5:11 PM:
---
[~an...@apache.org] - could you please take a look at the comments on
[https://reviews.apache.org/r/65950/] and update the patch? CC
[~rmani]/[~abhayk]
Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might
be leveraged for this work.
was (Author: vperiasamy):
[~an...@apache.org] - could you please take a look at the comments on
[https://reviews.apache.org/r/65950/] and update the patch? CC
[~rmani]/[~abhayk]
Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might
be leveraged for this work.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576583#comment-16576583
]
Velmurugan Periasamy edited comment on RANGER-1958 at 8/10/18 5:11 PM:
---
[~an...@apache.org] - could you please take a look at the comments on
[https://reviews.apache.org/r/65950/] and update the patch? CC
[~rmani]/[~abhayk]
Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might
be leveraged for this work.
was (Author: vperiasamy):
[~an...@apache.org] - could you please take a look at the comments on
[https://reviews.apache.org/r/65950/] and update the patch? CC
[~rmani]/[~abhayk]
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16573106#comment-16573106
]
Shubham edited comment on RANGER-1958 at 8/8/18 6:31 PM:
-
any updates on this issue?
was (Author: shubham.chhabra):
any updates on this issues?
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16389609#comment-16389609
]
Ankit Singhal edited comment on RANGER-1958 at 3/7/18 2:30 PM:
---
Thanks [~rmani] for volunteering the review, Here is the review request.
[https://reviews.apache.org/r/65950/]
And, also can you please assign this ticket to me(Ankit Singhal).
was (Author: an...@apache.org):
Thanks [~rmani] for volunteering the review, Here is the review request.
[https://reviews.apache.org/r/65950/]
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankita Sinha
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
