[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16645329#comment-16645329
]
Ramesh Mani commented on RANGER-1958:
-
Commit id :
http://git-wip-us.apache.org/repos/asf/ranger/commit/1869f2a7
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments:
> 0001-RANGER-1958-HBase-Implement-getUserPermissions-API-o.patch,
> RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16645153#comment-16645153
]
Velmurugan Periasamy commented on RANGER-1958:
--
Thanks [~an...@apache.org].
[~rmani] - could you please help merge this?
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments:
> 0001-RANGER-1958-HBase-Implement-getUserPermissions-API-o.patch,
> RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16629493#comment-16629493
]
Ankit Singhal commented on RANGER-1958:
---
{quote}could you please upload to review board? Or update
[https://reviews.apache.org/r/65950/] with latest patch?
{quote}
[~vperiasamy], done, uploaded the latest patch on review board as well, but I
thought [~rmani] requested the patch on ticket to sign off (as per comment)
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments:
> 0001-RANGER-1958-HBase-Implement-getUserPermissions-API-o.patch,
> RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16626270#comment-16626270
]
Velmurugan Periasamy commented on RANGER-1958:
--
[~abhayk]/[~rmani] - could you please review?
[~an...@apache.org] - could you please upload to review board? Or update
[https://reviews.apache.org/r/65950/] with latest patch? Thanks.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments:
> 0001-RANGER-1958-HBase-Implement-getUserPermissions-API-o.patch,
> RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16622451#comment-16622451
]
Ankit Singhal commented on RANGER-1958:
---
[~rmani], Uploaded the patch after taking care [~abhayk]'s review comments.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments:
> 0001-RANGER-1958-HBase-Implement-getUserPermissions-API-o.patch,
> RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16609883#comment-16609883
]
Ramesh Mani commented on RANGER-1958:
-
[~an...@apache.org] Please create a patch with git format-patch -n HEAD^ and
uploaded it. The patch in the review I am not able to sign off.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16586453#comment-16586453
]
Ankit Singhal commented on RANGER-1958:
---
bq. Although the long-term solution for Ranger could be to implement the
coprocessor hooks for Phoenix as how it has been done for HBase so that we can
also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can not be
supported with native HBase ACLs) along with Table and Schema.
bq. Ankit Singhal - could you file a Jira for the above? Thanks.
yes [~vperiasamy], just created RANGER-2194 for the same.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16586360#comment-16586360
]
Ankit Singhal commented on RANGER-1958:
---
Sorry guys [~abhayk],[~rmani],[~vperiasamy], for not working on this for a long
time.
but now I have made the changes by leveraging getResourceACLs() API exposed by
RANGER-2061 to implement getUserPermission() API of HBase and updated the
request for review.
https://reviews.apache.org/r/65950/
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576606#comment-16576606
]
Velmurugan Periasamy commented on RANGER-1958:
--
>> Although the long-term solution for Ranger could be to implement the
>>coprocessor hooks for Phoenix as how it has been done for HBase so that we
>>can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
>>not be supported with native HBase ACLs) along with Table and Schema.
[~an...@apache.org] - could you file a Jira for the above? Thanks.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576583#comment-16576583
]
Velmurugan Periasamy commented on RANGER-1958:
--
[~an...@apache.org] - could you please take a look at the comments on
[https://reviews.apache.org/r/65950/] and update the patch? CC
[~rmani]/[~abhayk]
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16573106#comment-16573106
]
Shubham commented on RANGER-1958:
-
any updates on this issues?
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16571408#comment-16571408
]
Pierre Villard commented on RANGER-1958:
Any update on this one?
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16390319#comment-16390319
]
Ramesh Mani commented on RANGER-1958:
-
Pinging [~mad...@apache.org] [~abhayk] also for the review.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16389637#comment-16389637
]
Velmurugan Periasamy commented on RANGER-1958:
--
[~an...@apache.org] - I have added you as contributor for Ranger project and
assigned the ticket to you.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16389609#comment-16389609
]
Ankit Singhal commented on RANGER-1958:
---
Thanks [~rmani] for volunteering the review, Here is the review request.
[https://reviews.apache.org/r/65950/]
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankita Sinha
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16386533#comment-16386533
]
Ramesh Mani commented on RANGER-1958:
-
[~an...@apache.org] Thanks for the Patch! That was quick. Please create a
review request here in [https://reviews.apache.org/dashboard/]
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankita Sinha
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16385874#comment-16385874
]
Ankit Singhal commented on RANGER-1958:
---
[~rmani], can you please review the attached patch.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16381026#comment-16381026
]
Ramesh Mani commented on RANGER-1958:
-
[~an...@apache.org] Since there is ACL in Phoenix, it would good to have a
RangerPhoenixPlugin than relying on RangerHBasePlugin alone.
But incase that is a long way to go and want to leverage on RangerHBasePlugin
what is the expected implementation on getUserPernissions API? Could you please
elaborate on the Phoenix request and what is expected out from Ranger? That
will help us to move forward on this.
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Priority: Major
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
[
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16379495#comment-16379495
]
Ramesh Mani commented on RANGER-1958:
-
[~an...@apache.org] do you have patch ready for this?
> [HBase] Implement getUserPermissions API of AccessControlService.Interface to
> allow clients to access HBase permissions stored in Ranger
>
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Ankit Singhal
>Priority: Major
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198.
> Currently, the implementation relies on some of the APIs provided by
> AccessControlService.Interface to get the user permission of the table but we
> see that the API "AccessControlService.Interface#getUserPermissions" is not
> yet implemented in Ranger authorization module for HBase and thus, we are
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
> public void getUserPermissions(RpcController controller,
> AccessControlProtos.GetUserPermissionsRequest request,
> RpcCallback done) {
> LOG.debug("getUserPermissions(): ");
> }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the
> coprocessor hooks for Phoenix as how it has been done for HBase so that we
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can
> not be supported with native HBase ACLs) along with Table and Schema.
> Let me know your thoughts, I can try to put up a patch soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
