hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ramkrishna.s.vasudevan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11384) [Visibility Controller]Check for users covering authorizations for every mutation
Date Fri, 25 Jul 2014 02:35:38 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14073975#comment-14073975
] 

ramkrishna.s.vasudevan commented on HBASE-11384:
------------------------------------------------

bq.I think a cluster wide setting is better. We could make it a table attr but let's not unless
we can come up with a credible use case.
Ok.  So table specific attr I will remove for now.  This was one thing why I did not update
the patch and was checking how to override per table level.
bq.Should be off by default in 0.98
This would be better i suppose.  I think even on 0.99+ we could make it off only.  We can
raise a JIRA for 0.99+ to make it ON  by default based on further discussions and use case?

> [Visibility Controller]Check for users covering authorizations for every mutation
> ---------------------------------------------------------------------------------
>
>                 Key: HBASE-11384
>                 URL: https://issues.apache.org/jira/browse/HBASE-11384
>             Project: HBase
>          Issue Type: Sub-task
>    Affects Versions: 0.98.3
>            Reporter: ramkrishna.s.vasudevan
>            Assignee: ramkrishna.s.vasudevan
>             Fix For: 0.99.0, 0.98.5
>
>         Attachments: HBASE-11384.patch, HBASE-11384_1.patch, HBASE-11384_2.patch, HBASE-11384_3.patch,
HBASE-11384_4.patch
>
>
> As part of discussions, it is better that every mutation either Put/Delete with Visibility
expressions should validate if the expression has labels for which the user has authorization.
 If not fail the mutation.
> Suppose User A is assoicated with A,B and C.  The put has a visibility expression A&D.
Then fail the mutation as D is not associated with User A.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message