hbase-issues mailing list archives

From "Jerry He (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12823) Visibility label security at limited localized level
Date Fri, 16 Jan 2015 22:46:35 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14280940#comment-14280940 ]

Jerry He commented on HBASE-12823:
----------------------------------

Thanks for the comments. 
Based on the comments, it sounds like an approach we can go with, and clear documentation
stating the risks and safeguards?

Thinking a little more. I wonder if the following is doable or desirable. 

Introduce a couple of enable/disable APIs (and commands) that basically control if the VC would
be applied at the table and CF level.

e.g.  
> disable_VC  'table1',  'cf1'

The enabled (or disabled) table/CF list is persisted to the hbase:labels table (and cached
by VC), similar to the way the table/CF info is maintained for ACL.
VC is still system level.
But VC has all the info it needs to skip and optimize based on whether a particular table
or CF is enabled for visibility label filtering.
The enable/disable can only be invoked by a super user and users having system auth.
This way we will have a relatively independent, self-contained visibility security framework.
We can decide if the default behavior for each table/CF is 'enable' or 'disable'.

> Visibility label security at limited localized level
> ----------------------------------------------------
>
>                 Key: HBASE-12823
>                 URL: https://issues.apache.org/jira/browse/HBASE-12823
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0.0, 2.0.0, 0.98.10
>            Reporter: Jerry He
>             Fix For: 2.0.0
>
>
> Currently, if visibility label security is enabled for an HBase instance, after VisibilityController is configured, the cell level visibility label filtering will kick in across the HBase instance.
> Cell level visibility label filtering has non-negligible performance impact.
> On the other hand, in many use cases, only a small portion of the overall data needs visibility label protection.
> If we can support visibility label security at a limited and localized level, we will broaden the use cases and the adoption of this feature.
> We should be able to support visibility label security at per table or per column family level. This is quite common in many other HBase features.
> Cell level visibility label filtering will only be enabled and kick in for the tables or column families that the user designates.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
