PHOENIX-672: Add SQL-ish security features using HBase AccessController

Details

• Type: Task
• Status: Open
• Priority: Major
• Resolution: Unresolved
• Affects Version/s: None
• Fix Version/s: None
• Old issue number: 541

Description

In HBase 0.98, cell-level security will be available. Take a look at [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security) excellent blog post by @apurtell. Once Phoenix works on 0.96, we should add support for security to our SQL grammar.

Activity

pctony Tony Stevenson added a comment - Comment:apurtell:11/09/13 09:06:21 PM:

mentioned
pctony Tony Stevenson added a comment - Comment:jamestaylor:11/12/13 04:45:07 AM:

@apurtell - how about this one?
pctony Tony Stevenson added a comment - Comment:apurtell:11/12/13 04:45:07 AM:

mentioned
pctony Tony Stevenson added a comment - Comment:apurtell:11/14/13 01:38:42 AM:

assigned
pctony Tony Stevenson added a comment - Comment:apurtell:11/14/13 01:49:35 AM:

Actually even with HBase 0.94, Phoenix could manage column and table level permissions with something like [GRANT](http://www.postgresql.org/docs/8.0/static/sql-grant.html) and [REVOKE](http://www.postgresql.org/docs/8.0/static/sql-revoke.html). I deliberately linked to Postgres 8 manpages because Postgres 9's syntax involves RBAC, which the HBase access controller doesn't support, although I suppose we could look at emulating roles with a custom Hadoop group mapper.

On an HBase including [HBASE-7662](https://issues.apache.org/jira/browse/HBASE-7662), we could consider fun things like combining GRANT and REVOKE syntax with SELECT. Phoenix would execute the query, retrieve the cells, add cell ACLs, and store them back at their exact coordinates. Can be done in a coprocessor or filter to avoid any round trips over the network.
pctony Tony Stevenson added a comment - Comment:jamestaylor:11/14/13 04:38:30 AM:

Nice, didn't realize that.

Any volunteers?
pctony Tony Stevenson added a comment - Comment:apurtell:11/14/13 05:00:06 PM:

Yes I volunteer, to add GRANT and REVOKE for 0.94/0.96.

Also interested in marrying those statements with SELECT - I believe that would be a first.
apurtell Andrew Purtell added a comment -

Should we revive this? Where in the roadmap do you think it might make sense to fit in? We would be looking at grammar, parser, and executor changes for GRANT and REVOKE statements that I think would be self contained.
apurtell Andrew Purtell added a comment -

GRANT and REVOKE DDL statements for applying table, column family, namespace, or global level permissions would find support in the SQL92 syntax definition.

But what about cell level ACLs (and related on PHOENIX-684 visibility labels)? In an earlier comment I suggested combining GRANT/REVOKE with SELECT but that would be off spec and anyway an out of band application of security metadata. For setting security metadata per cell - if we are going to tackle that - with immediate effect we need some way in DML (UPSERT, INSERT, etc) to associate metadata with value in the value list, or applied to all results of a subselect.
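The two ideas in apurtell's comments above (table- and column-scoped GRANT/REVOKE executed through the HBase AccessController, and per-cell ACLs attached at write time rather than applied out of band after a SELECT), as an added example that is not Phoenix or HBase project code. It assumes the HBase 1.x/2.x client API with the AccessController coprocessor loaded, a Phoenix-created table named EXAMPLE_TABLE, the hypothetical users alice and bob, and an assumed SQL-privilege-to-HBase-action mapping.

```java
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.security.access.AccessControlClient;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.util.Bytes;

public class PhoenixGrantExecutor {
    // SQL privilege keyword -> HBase action (assumed mapping; SQL92 has nothing that
    // corresponds to HBase's EXEC/ADMIN, so those would need Phoenix-specific keywords).
    static Permission.Action toHBaseAction(String sqlPrivilege) {
        switch (sqlPrivilege.toUpperCase()) {
            case "SELECT": return Permission.Action.READ;
            case "INSERT": case "UPDATE": case "DELETE": return Permission.Action.WRITE;
            case "CREATE": return Permission.Action.CREATE;
            default: throw new IllegalArgumentException("unsupported privilege: " + sqlPrivilege);
        }
    }
    // GRANT <priv> [(<column>)] ON TABLE <hbaseTable> TO <user>. Null family/qualifier
    // means the whole table, matching AccessController's table > family > qualifier
    // scopes (no per-cell scope). REVOKE is AccessControlClient.revoke, same arguments.
    static void grant(Connection conn, String priv, String hbaseTable, String user,
                      byte[] family, byte[] qualifier) throws Throwable {
        AccessControlClient.grant(conn, TableName.valueOf(hbaseTable), user,
                                  family, qualifier, toHBaseAction(priv));
    }
    // The DML-side mechanism the last comment asks for: the ACL travels with the Put
    // (HBASE-7662), so the cell is stored with its ACL in one round trip rather than
    // being read back, tagged and re-written after a SELECT.
    static Put upsertWithCellAcl(String rowKey, byte[] family, byte[] qualifier,
                                 String value, String readerUser) {
        Put put = new Put(Bytes.toBytes(rowKey));
        put.addColumn(family, qualifier, Bytes.toBytes(value));
        put.setACL(readerUser, new Permission(Permission.Action.READ));
        return put;
    }
    public static void main(String[] args) throws Throwable {
        byte[] cf = Bytes.toBytes("0"), col = Bytes.toBytes("NAME"); // "0" is Phoenix's default family
        try (Connection conn = ConnectionFactory.createConnection(HBaseConfiguration.create());
             Table t = conn.getTable(TableName.valueOf("EXAMPLE_TABLE"))) {
            grant(conn, "SELECT", "EXAMPLE_TABLE", "alice", null, null); // table-wide read
            grant(conn, "INSERT", "EXAMPLE_TABLE", "bob", cf, col);      // write to one column
            t.put(upsertWithCellAcl("row1", cf, col, "secret", "alice")); // only alice may read it
        }
    }
}
```

Namespace- and global-level GRANT map onto the AccessControlClient.grant overloads that take a namespace name or only a user name; note that the table-scoped calls cannot express the cell scope, which is exactly why the cell ACL has to be supplied on the mutation.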

People

• Assignee: apurtell Andrew Purtell
• Reporter: jamestaylor James Taylor
• Votes: 1
• Watchers: 4