hbase-issues mailing list archives

From "Jerry He (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12823) Visibility label security at limited localized level
Date Fri, 16 Jan 2015 22:46:35 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14280940#comment-14280940 ]

Jerry He commented on HBASE-12823:

Thanks for the comments.
Based on the comments, it sounds like an approach we can go with, and clear documentation
stating the risks and safeguards?

Thinking a little more. I wonder if the following is doable or desirable. 

Introduce a couple of enable/disable APIs (and commands) that basically control if the VC would
be applied on the table and CF level.

> disable_VC  'table1',  'cf1'

The enabled (or disabled) table/CF list is persisted to the hbase:labels table (and cached
by VC), similar to the way the table/CF info is maintained for ACL.
VC is still system level.
But VC has all the info it needs to skip and optimize based on whether a particular table
or CF is enabled for visibility label filtering.
The enable/disable can only be invoked by super users and users having system auth.
This way we will have a relatively independent, self-contained visibility security framework.
We can decide if the default behavior for each table/CF is 'enable' or 'disable'.

> Visibility label security at limited localized level
> ----------------------------------------------------
>                 Key: HBASE-12823
>                 URL: https://issues.apache.org/jira/browse/HBASE-12823
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0.0, 2.0.0, 0.98.10
>            Reporter: Jerry He
>             Fix For: 2.0.0
> Currently, if visibility label security is enabled for an HBase instance, after VisibilityController is configured, the cell level visibility label filtering will kick in across the HBase instance.
> Cell level visibility label filtering has non-negligible performance impact.
> On the other hand, in many use cases, only a small portion of the overall data needs visibility label protection.
> If we can support visibility label security at a limited and localized level, we will broaden the use cases and the adoption of this feature.
> We should be able to support visibility label security at per table or per column family level. This is quite common in many other HBase features.
> Cell level visibility label filtering will only be enabled and kick in for the tables or column families that the user designates.

This message was sent by Atlassian JIRA
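
Added example, not part of the original message and not HBase code: a self-contained Java model of the per-table/CF switch proposed in the comment above, showing the caller check on enable/disable and the lookup the VC would do before filtering. The class, method names and sample principals are hypothetical; it assumes a CF-level entry overrides a table-level one and that filtering defaults to enabled when no entry exists, which the comment leaves open.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Model of the proposed per-table/CF switch. All names here are hypothetical. */
public class VisibilityScopeModel {
    // Assumption: filtering stays on unless explicitly disabled (fail closed).
    private static final boolean DEFAULT_ENABLED = true;

    // In-memory stand-in for the list the comment proposes persisting in hbase:labels.
    // Key is "table" for a table-level entry or "table/cf" for a CF-level entry;
    // '/' is used because it cannot appear in a table name.
    private final Map<String, Boolean> scope = new ConcurrentHashMap<>();
    private final Set<String> superUsers;       // constructed sample principals
    private final Set<String> systemAuthUsers;  // users holding the system auth

    public VisibilityScopeModel(Set<String> superUsers, Set<String> systemAuthUsers) {
        this.superUsers = superUsers;
        this.systemAuthUsers = systemAuthUsers;
    }

    /** Models enable/disable: only super users or holders of system auth may change scope. */
    public void setEnabled(String caller, String table, String cf, boolean enabled) {
        if (!superUsers.contains(caller) && !systemAuthUsers.contains(caller)) {
            throw new SecurityException(caller + " may not change visibility scope");
        }
        scope.put(cf == null ? table : table + "/" + cf, enabled);
    }

    /** CF entry overrides the table entry; no entry at all falls back to the default. */
    public boolean shouldFilter(String table, String cf) {
        Boolean byCf = scope.get(table + "/" + cf);
        if (byCf != null) {
            return byCf;
        }
        return scope.getOrDefault(table, DEFAULT_ENABLED);
    }

    public static void main(String[] args) {
        VisibilityScopeModel vc = new VisibilityScopeModel(Set.of("hbase"), Set.of("secadmin"));
        vc.setEnabled("hbase", "table1", "cf1", false);  // models: disable_VC 'table1', 'cf1'
        System.out.println("table1/cf1 filtered: " + vc.shouldFilter("table1", "cf1"));
        System.out.println("table1/cf2 filtered: " + vc.shouldFilter("table1", "cf2"));
        System.out.println("table2/cf1 filtered: " + vc.shouldFilter("table2", "cf1"));
        try {
            vc.setEnabled("alice", "table1", "cf2", false);  // ordinary user, must be refused
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

With the default set to enabled, a table or CF that is missing from the persisted list keeps label filtering; choosing 'disable' as the default would instead leave any unlisted table unfiltered.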
