Return-Path: X-Original-To: apmail-hbase-issues-archive@www.apache.org Delivered-To: apmail-hbase-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 92F88174C6 for ; Fri, 23 Jan 2015 23:20:36 +0000 (UTC) Received: (qmail 10260 invoked by uid 500); 23 Jan 2015 23:20:36 -0000 Delivered-To: apmail-hbase-issues-archive@hbase.apache.org Received: (qmail 10193 invoked by uid 500); 23 Jan 2015 23:20:36 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 10027 invoked by uid 99); 23 Jan 2015 23:20:36 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Jan 2015 23:20:36 +0000 Date: Fri, 23 Jan 2015 23:20:36 +0000 (UTC) From: "Andrew Purtell (JIRA)" To: issues@hbase.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HBASE-12745) Visibility Labels: support visibility labels for user groups. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14290197#comment-14290197 ] Andrew Purtell commented on HBASE-12745: ---------------------------------------- bq. Since they're IA.Public, shouldn't they be deprecated for a full major version before removal? We've been taking this shortcut with experimental APIs in 0.98 - anything requiring HFile v3 is experimental until 1.0: tags, cell ACLs, the VC, encryption - where we will immediately mark deprecated in 0.98 and remove in 1.0. Agreed this should be documented, mentioned in release notes, etc. If we want to discontinue this practice or do something different in this case, I have no strong opinion either way. > Visibility Labels: support visibility labels for user groups. > -------------------------------------------------------------- > > Key: HBASE-12745 > URL: https://issues.apache.org/jira/browse/HBASE-12745 > Project: HBase > Issue Type: Improvement > Components: security > Affects Versions: 1.0.0, 0.98.9, 0.99.2 > Reporter: Jerry He > Assignee: Jerry He > Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0 > > Attachments: HBASE-12745-master-v1.patch, HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch, HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch, HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch, HBASE-12745-v7-0.98-with-update.patch, HBASE-12745-v7-0.98.patch, HBASE-12745-v7-branch1.patch > > > The thinking is that we should support visibility labels to be associated with user groups. > We will then be able grant visibility labels to a group in addition to individual users, which provides convenience and usability. > We will use '@group' to denote a group name, as similarly done in AcccessController. > For example, > {code} > set_auths '@group1', ['SECRET','PRIVATE'] > {code} > {code} > get_auth '@group1' > {code} > A user belonging to 'group1' will have all the visibility labels granted to 'group1' > We'll also support super user groups as specified in hbase-site.xml. > The code update will mainly be on the server side VisibilityLabelService implementation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)