hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] Updated: (HBASE-2257) [stargate] multiuser mode
Date Wed, 24 Feb 2010 06:39:27 GMT

     [ https://issues.apache.org/jira/browse/HBASE-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andrew Purtell updated HBASE-2257:
----------------------------------

    Attachment: HBASE-2257.patch

Attached patch provides an alternate operating mode, which can be optionally enabled, that
provides some simple user isolation. When enabled, access tokens must be added as the first
element to the path. 

An access token is a 32 character hexadecimal string. They can be generated using any method
but typically one would use MD5 to hash the username with salt. 

For example, where before a value may be accessed as:

{{/someTable/someRow/someColumn:qualifier}}

with multiuser mode enabled, it would be:

{{/d41d8cd98f00b204e9800998ecf8427e/someTable/someRow/someColumn:qualifier}}

Access tokens map to user accounts. This mapping is done by pluggable _authenticators_. Three
authenticators are provided which support defining user accounts via 1) hbase-site.xml, 2)
entries in a HBase table, or 3) entries in any data source with a JDBC driver, respectively.
User accounts can have administrative privilege. They can also be temporarily disabled. 

If a user account has administrative privilege, table names given in the path are not modified.


If a user account does not have administrative privilege, the typical case, then table names
given in the path or in submitted data is transparently rewritten from {{<table>}} to
{{<user-name> + "." + <table>}}, and vice versa. In this way each user has the
illusion of a private namespace and one user cannot access the tables of another. 

> [stargate] multiuser mode
> -------------------------
>
>                 Key: HBASE-2257
>                 URL: https://issues.apache.org/jira/browse/HBASE-2257
>             Project: Hadoop HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>             Fix For: 0.20.4
>
>         Attachments: HBASE-2257.patch
>
>
> Support an optional operating mode with simple user isolation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message