hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anoop Sam John (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
Date Wed, 24 Dec 2014 02:25:14 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14257847#comment-14257847
] 

Anoop Sam John commented on HBASE-12745:
----------------------------------------

bq.4) But client side get_auths call will only get the result explicit for that user only
or for that group (if parameter is @group) only.
So if at client side, one need all labelled auth'ed for a user (explicit grant or via group),
need to make multiple calls with user and for each of his/her group. Can clearly mention this
in javadoc for VisibilityClient?  Also change the help part in the shell command how to use
get for group.  (Also similar way for other APIs as well).  

Thanks for the nice work.

> Visibility Labels:  support visibility labels for user groups.
> --------------------------------------------------------------
>
>                 Key: HBASE-12745
>                 URL: https://issues.apache.org/jira/browse/HBASE-12745
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0.0, 0.98.9, 0.99.2
>            Reporter: Jerry He
>            Assignee: Jerry He
>             Fix For: 2.0.0
>
>         Attachments: HBASE-12745-master-v1.patch
>
>
> The thinking is that we should support visibility labels to be associated with user groups.
> We will then be able grant visibility labels to a group in addition to individual users,
which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in AcccessController.
> For example, 
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService implementation.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message