accumulo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <>
Subject Re: How does Accumulo compare to HBase
Date Mon, 23 Jun 2014 18:49:02 GMT
Another way you could word this is that Accumulo has a very "mature" 
security implementation, whereas, like you pointed out, HBase has only 
recently added this in 0.98.

The note about how visibility being in the Key as opposed to the Value 
also has impact when writing Iterators. Because the visibility is a 
"first class citizen" instead of an afterthought, having it uniquely 
define some pair makes aggregations much easier to think about, IMO. 
This is especially prevalent when doing this server-side with an 
Accumulo Iterator.

There are also other differences between the implementations visibility 
filtering, the most common being the support of a "NOT" operator in 
HBase whereas Accumulo explicitly chose not to implement this. By 
allowing "NOT" into the syntax, it becomes much more possible that data 
is inadvertently leaked. Marking data correctly is more difficult than 
it seems and introducing the ability to negate certain branches makes it 
even more difficult. Auditors are scary :)

- Josh

On 6/23/14, 2:34 PM, Aaron wrote:
> I'm not sure of all the differences, but, wrt HBase Cell Level security
> (CLS)..while similar..not 100% the same.  If I understand how the HBase
> CLS works it's extension to ACL system.  And that ACL is "applied" to a
> cell.  In Accumulo's case, it is part of the key.  So the ramification
> is that in Accumulo, you can have:
> RowID, CF, CQ, VIS1, TS --> Value1
> RowID, CF, CQ, VIS2, TS --> Value2
> If everything is the same, including the timestamp, the visibility can
> actually determine which value to return.  So, a more concrete example
> would be:
> XXX, METADATA, NAME, everyone,  100--> Bruce Wayne
> XXX, METADATA, NAME, alfred-only,  100--> Batman
> Where Alfred could/would see both "values"...but, everyone else would
> only see "Bruce"
> Hope that helps.
> Cheers,
> Aaron
> PS:  this is my understanding of how HBase CLS works...based on what I
> have read/interpreted.
> On Mon, Jun 23, 2014 at 1:55 PM, Jianshi Huang <
> <>> wrote:
>     Er... basically I need to explain to my manager why choosing
>     Accumulo, instead of HBase.
>     So what are the pros and cons of Accumulo vs. HBase? (btw HBase 0.98
>     also got cell-level security, modeled after Accumulo)
>     --
>     Jianshi Huang
>     LinkedIn: jianshi
>     Twitter: @jshuang
>     Github & Blog:

View raw message