hbase-issues mailing list archives

From "ramkrishna.s.vasudevan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11384) [Visibility Controller]Check for users covering authorizations for every mutation
Date Thu, 24 Jul 2014 06:44:38 GMT

[ https://issues.apache.org/jira/browse/HBASE-11384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14072893#comment-14072893 ]

ramkrishna.s.vasudevan commented on HBASE-11384:

bq. HTD#setCheckAuthsForMutation(boolean setCheckAuths)
We can have cluster level also fine, but allowing HTD.setValue() then we have to expose that config outside. Making it by default to true would mean that it is on by default.

bq. We have to handle in IntegrationTestIngestWithVisibilityLabels?
I checked this and found that it is calling LoadTestTool. That is why I changed it in LTT. Does it make sense?

bq. Just have a boolean instance member in VC and init it on postOpen()?
bq. AccessDeniedException is okay?
A previous comment from Andy suggested that it be AccessDenied. Hence changed it. Changing to authorized is fine with me in the comment.

bq. Why pass Configuration when you can get the same from HBaseTestingUtility?
Will remove the configuration. Initially did not pass the TestingUtility, later added it. Will remove the copy paste issue in the comment.

bq. We should fail() after the table.put() call within try block
The intention was that we would definitely get an exception, so wanted to validate the type of error alone. Fine in adding a fail() also.

bq. By default we will have auth check for labels in Mutation visibility expression
Yes. Fine with updating the documentation.

> [Visibility Controller]Check for users covering authorizations for every mutation
> ---------------------------------------------------------------------------------
>                 Key: HBASE-11384
>                 URL: https://issues.apache.org/jira/browse/HBASE-11384
>             Project: HBase
>          Issue Type: Sub-task
>    Affects Versions: 0.98.3
>            Reporter: ramkrishna.s.vasudevan
>            Assignee: ramkrishna.s.vasudevan
>             Fix For: 0.99.0, 0.98.5
>         Attachments: HBASE-11384.patch, HBASE-11384_1.patch, HBASE-11384_2.patch, HBASE-11384_3.patch,
> As part of discussions, it is better that every mutation either Put/Delete with Visibility expressions should validate if the expression has labels for which the user has authorization. If not fail the mutation.
> Suppose User A is associated with A,B and C. The put has a visibility expression A&D. Then fail the mutation as D is not associated with User A.
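
The check described in the issue text above, as a stand-alone Java example added here; it is not the HBASE-11384 patch or HBase's VisibilityController code. The class and method names are hypothetical, labels are assumed to be unquoted words, every label named in the expression is assumed to need covering regardless of operator, and `SecurityException` stands in for the exception type discussed in the comment.

```java
import java.util.*;
import java.util.regex.*;

// Added illustration (hypothetical names); not HBase's VisibilityController. Needs Java 9+.
public class MutationAuthCheck {
    // Assumption: labels are unquoted runs of letters, digits and '_'.
    private static final Pattern LABEL = Pattern.compile("[A-Za-z0-9_]+");

    // Collect every label named in the expression; reject any other non-operator text.
    static Set<String> labelsIn(String expr) {
        Set<String> labels = new LinkedHashSet<>();
        Matcher m = LABEL.matcher(expr);
        int pos = 0;
        while (m.find()) {
            requireOperators(expr.substring(pos, m.start()));
            labels.add(m.group());
            pos = m.end();
        }
        requireOperators(expr.substring(pos));
        return labels;
    }

    // Text between labels may only be & | ! ( ) or whitespace; otherwise fail closed.
    private static void requireOperators(String gap) {
        if (!gap.matches("[&|!()\\s]*")) {
            throw new IllegalArgumentException("unsupported characters: " + gap);
        }
    }

    // Fail the mutation when the expression names a label the user lacks.
    static void checkMutation(String user, String expr, Set<String> userAuths) {
        Set<String> missing = labelsIn(expr);
        missing.removeAll(userAuths);
        if (!missing.isEmpty()) {
            throw new SecurityException("User " + user + " lacks " + missing + " for " + expr);
        }
    }

    public static void main(String[] args) {
        Set<String> auths = Set.of("A", "B", "C"); // User A from the issue text
        for (String expr : List.of("A&B", "(A|B)&!C", "A&D")) {
            try {
                checkMutation("A", expr, auths);
                System.out.println(expr + " -> mutation allowed");
            } catch (SecurityException e) {
                System.out.println(expr + " -> mutation failed: " + e.getMessage());
            }
        }
    }
}
```

Only `A&D` is rejected, because D is not among User A's authorizations.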
