Return-Path: X-Original-To: apmail-hbase-issues-archive@www.apache.org Delivered-To: apmail-hbase-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B7804118C0 for ; Sat, 12 Apr 2014 03:35:20 +0000 (UTC) Received: (qmail 9770 invoked by uid 500); 12 Apr 2014 03:35:19 -0000 Delivered-To: apmail-hbase-issues-archive@hbase.apache.org Received: (qmail 9732 invoked by uid 500); 12 Apr 2014 03:35:17 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 9710 invoked by uid 99); 12 Apr 2014 03:35:15 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 12 Apr 2014 03:35:15 +0000 Date: Sat, 12 Apr 2014 03:35:15 +0000 (UTC) From: "Anoop Sam John (JIRA)" To: issues@hbase.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HBASE-10823) Resolve LATEST_TIMESTAMP to current server time before scanning for ACLs MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HBASE-10823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13967378#comment-13967378 ] Anoop Sam John commented on HBASE-10823: ---------------------------------------- bq. I think that is fine for now. Yes this is obviously better than the current state. +1 for commit this Andy. What I was saying abt the TS , I can explain with an eg: ||cf:c1|| cf:c2|| |c1v1 (ts=100) | c2v1 (ts=100)| |c1v2 (ts=102) | c2v2 (ts=102)| |c1v3 (ts=104) | c2v3 (ts=104)| Now consider a Delete {code} Delete d = new Delete(r1); d.deleteColumns(cf, c1, 105); d.deleteColumns(cf, c2, 102); {code} So here for the Get we will have a time range of 0 - 105. For the column cf:c1 we have to check the cell acl for all the versions v1, v2 and v3 (as the delete will mask all versions). But for cf:c2 we have to check only 2 versions v1 and v2. So in the acl check place also we might have to do ts based cell skip. This we can do in a follow on Jira. Also we will need all fancy test cases. Also we have to consider exact version deletion [ deleteColumns() and deleteColumn() ] > Resolve LATEST_TIMESTAMP to current server time before scanning for ACLs > ------------------------------------------------------------------------ > > Key: HBASE-10823 > URL: https://issues.apache.org/jira/browse/HBASE-10823 > Project: HBase > Issue Type: Improvement > Affects Versions: 0.98.1 > Reporter: Andrew Purtell > Assignee: Andrew Purtell > Priority: Minor > Fix For: 0.99.0, 0.98.2 > > Attachments: HBASE-10823.patch, HBASE-10823.patch, HBASE-10823.patch, test.patch > > > Storing values with timestamps in the future is probably bad practice and can lead to surprises. If cells with timestamps in the future have ACLs, permissions from those ACLs will incorrectly be considered for authorizing the pending mutation. For sure that will be surprising. > We should be able to avoid this case by resolving LATEST_TIMESTAMP to the current server time when creating the internal scanner for finding ACLs in the covered cell set. > Documenting a todo item from a discussion between [~anoop.hbase] and myself. -- This message was sent by Atlassian JIRA (v6.2#6252)