phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ethan Wang <aerto...@gmail.com>
Subject Re: Phoenix system tables in multitenant setup
Date Mon, 23 Oct 2017 00:45:29 GMT
!schema sounds like a great idea. For users who has permission to see, to
list all the visible schemas.


On October 22, 2017 at 1:07:58 AM, Lars George (lars.george@gmail.com)
wrote:

Hi,

I am wondering, in a secured cluster with Kerberos and HBase ACLs, and
with namespace mapping enabled in Phoenix, what is needed to enable
users to create their own tables in a "schema"? The documentation
(
https://phoenix.apache.org/namspace_mapping.html#What_permissions_are_required_to_CREATE_and_DROP_SCHEMA)

states that you need admin permissions in HBase to create the schema,
which makes sense as it creates a namespace in HBase.

But for tables inside, I am assuming the user needs access to the
Phoenix SYSTEM tables (and CREATE rights for the namespace in question
on the HBase level)? Is that the case? And if so, what are they able
to see, as in, only their information, or all information from other
tenants as well? If so, is there a way to truly isolate them?

Oh, and I was wondering why there is no "!schema" or some such. Or am
I missing something?

Cheers,
Lars

Mime
View raw message