hbase-issues mailing list archives

From "Jerry He (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
Date Sun, 18 Jan 2015 05:56:35 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14281673#comment-14281673 ]

Jerry He commented on HBASE-12745:
----------------------------------

Thanks.
I attached a v7-0.98. It is based on v7 master version.
It has updates to address [~anoop.hbase]'s comments in the RB for backward compatibility in 0.98.
Regarding backward compatibility, the changes will not break client/server or rolling upgrade in any way.
But since VisibilityLabelService is an interface, adding a new method getGroupAuths() will break any existing custom implementation if the custom implementation is used on the new server, since the new method is always invoked on the server.
You may want to review the relevant updates.

> Visibility Labels:  support visibility labels for user groups.
> --------------------------------------------------------------
>
>                 Key: HBASE-12745
>                 URL: https://issues.apache.org/jira/browse/HBASE-12745
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0.0, 0.98.9, 0.99.2
>            Reporter: Jerry He
>            Assignee: Jerry He
>             Fix For: 2.0.0
>
>         Attachments: HBASE-12745-master-v1.patch, HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch, HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch, HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch, HBASE-12745-v7-0.98.patch, HBASE-12745-v7-branch1.patch
>
>
> The thinking is that we should support visibility labels to be associated with user groups.
> We will then be able to grant visibility labels to a group in addition to individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in AccessController.
> For example, 
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auths '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to 'group1'.
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService implementation.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
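
The semantics described in the issue, as an added sketch that is not part of the original message or of the HBase patch: a user's effective labels are the direct grants plus the grants of every '@group' the user belongs to. The class, method names and sample principals are hypothetical, and rejecting user names that begin with '@' is an assumption of this sketch.

```java
import java.util.*;

// Illustrative model only: names are hypothetical, not HBase's VisibilityLabelService API.
public class GroupAuthsModel {
    static final String GROUP_PREFIX = "@"; // '@group' notation from the issue description

    // principal ("alice" or "@group1") -> labels granted to it
    private final Map<String, Set<String>> grants = new HashMap<>();

    // Models: set_auths '<principal>', [labels]
    void setAuths(String principal, String... labels) {
        grants.computeIfAbsent(principal, k -> new TreeSet<>()).addAll(Arrays.asList(labels));
    }

    // Models: get_auths '<principal>' (labels granted directly to a user or an '@group').
    Set<String> getAuths(String principal) {
        return Collections.unmodifiableSet(
            grants.getOrDefault(principal, Collections.emptySet()));
    }

    // Effective labels = direct user grants plus grants of every group the user is in.
    Set<String> effectiveAuths(String user, Collection<String> groups) {
        // Assumption of this sketch: a user name may not look like a group principal,
        // otherwise a user could be confused with a group entry.
        if (user.startsWith(GROUP_PREFIX)) {
            throw new IllegalArgumentException("user name must not start with '@'");
        }
        Set<String> result = new TreeSet<>(getAuths(user));
        for (String group : groups) {
            result.addAll(getAuths(GROUP_PREFIX + group));
        }
        return result;
    }

    public static void main(String[] args) {
        GroupAuthsModel model = new GroupAuthsModel();
        model.setAuths("@group1", "SECRET", "PRIVATE"); // grant to the group
        model.setAuths("alice", "PUBLIC");               // grant to an individual user
        model.setAuths("group1", "TOPSECRET");           // a user who happens to be named group1

        // Member of group1 with a direct grant: union of both sets.
        System.out.println(model.effectiveAuths("alice", Arrays.asList("group1")));
        // No direct grants and no groups: empty set.
        System.out.println(model.effectiveAuths("bob", Collections.<String>emptyList()));
        // Member of group1 must not inherit labels of the same-named user "group1".
        System.out.println(model.effectiveAuths("carol", Arrays.asList("group1")));
    }
}
```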
