Add SQL-ish security features using HBase AccessController #541
Comments
|
@apurtell - how about this one? |
ghost
assigned 
|
Actually even with HBase 0.94, Phoenix could manage column and table level permissions with something like GRANT and REVOKE. I deliberately linked to Postgres 8 manpages because Postgres 9's syntax involves RBAC, which the HBase access controller doesn't support, although I suppose we could look at emulating roles with a custom Hadoop group mapper. On an HBase including HBASE-7662, we could consider fun things like combining GRANT and REVOKE syntax with SELECT. Phoenix would execute the query, retrieve the cells, add cell ACLs, and store them back at their exact coordinates. Can be done in a coprocessor or filter to avoid any round trips over the network. |
|
Nice, didn't realize that. Any volunteers? |
|
Yes I volunteer, to add GRANT and REVOKE for 0.94/0.96. Also interested in marrying those statements with SELECT - I believe that would be a first. |
In HBase 0.98, cell-level security will be available. Take a look at this excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add support for security to our SQL grammar.
The text was updated successfully, but these errors were encountered: