forcedotcom / phoenix

BSD 3-Clause "New" or "Revised" License

Add SQL-ish security features using HBase AccessController #541

Open jtaylor-sfdc opened 11 years ago

jtaylor-sfdc commented 11 years ago

In HBase 0.98, cell-level security will be available. Take a look at this excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add support for security to our SQL grammar.

jtaylor-sfdc commented 10 years ago

@apurtell - how about this one?

apurtell commented 10 years ago

Actually even with HBase 0.94, Phoenix could manage column and table level permissions with something like GRANT and REVOKE. I deliberately linked to Postgres 8 manpages because Postgres 9's syntax involves RBAC, which the HBase access controller doesn't support, although I suppose we could look at emulating roles with a custom Hadoop group mapper.

On an HBase including HBASE-7662, we could consider fun things like combining GRANT and REVOKE syntax with SELECT. Phoenix would execute the query, retrieve the cells, add cell ACLs, and store them back at their exact coordinates. Can be done in a coprocessor or filter to avoid any round trips over the network.

jtaylor-sfdc commented 10 years ago

Nice, didn't realize that.

Any volunteers?

apurtell commented 10 years ago

Yes I volunteer, to add GRANT and REVOKE for 0.94/0.96.

Also interested in marrying those statements with SELECT - I believe that would be a first.