phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <josh.el...@gmail.com>
Subject Re: how to security phoenix
Date Tue, 06 Dec 2016 23:03:58 GMT
The only strong authentication for HBase is via Kerberos. The user name 
is handled by the transport in this case.

"SIMPLE" HBase RPC authentication is not secure and doesn't go farther 
than "please don't impersonate others". I'm not positive, but I think 
your operation system user would be used. Because this is not secure, 
it's not wired up to the JDBC user/password properties.

If you wrap invocations of the JDBC driver in a 
UserGroupInformation.doAs(..) call, this might work (but again, not 
tested because it's not actually secure).

The 'C' in your grant statement is for "CREATE" not "connect". You are 
conflating authentication and authorization. Please do some research if 
the difference between the two is not clear.

lk_phoenix wrote:
> if I use phoenix JDBC driver ,how to pass user name to hbase?
> for example :
> hbase(main):012:0> grant 'user01', 'CR'
> so,user01 can connect and read tables by JDBC driver,
> but my client pc only have one user named : 201
> 2016-12-06
> ------------------------------------------------------------------------
> lk_phoenix
> ------------------------------------------------------------------------
>
>     *发件人:*Josh Elser <josh.elser@gmail.com>
>     *发送时间:*2016-12-05 23:41
>     *主题:*Re: how to security phoenix
>     *收件人:*"user"<user@phoenix.apache.org>
>     *抄送:*
>     Yes, use the HBase-provided access control mechanisms.
>     lk_phoenix wrote:
>      > hi,all:
>      > I want to know how to add access contorl to the table I create by
>     phoenix .
>      > I need to add the privilege through hbase?
>      > 2016-12-05
>      >
>     ------------------------------------------------------------------------
>
>      > lk_phoenix

Mime
View raw message