hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Duo Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-18659) Use HDFS ACL to give user the ability to read snapshot directly on HDFS
Date Thu, 24 Aug 2017 00:52:03 GMT

    [ https://issues.apache.org/jira/browse/HBASE-18659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16139404#comment-16139404
] 

Duo Zhang commented on HBASE-18659:
-----------------------------------

Yeah, you can not retain cell level ACL if user can read HFiles directly from HDFS. And I
think this is acceptable? We will provide a config to enable/disable this feature, and it
can be configured per table and per cf. So if user want to use cell level ACL on some tables
or cfs then just disable this feature on that table or cf.

> Use HDFS ACL to give user the ability to read snapshot directly on HDFS
> -----------------------------------------------------------------------
>
>                 Key: HBASE-18659
>                 URL: https://issues.apache.org/jira/browse/HBASE-18659
>             Project: HBase
>          Issue Type: New Feature
>            Reporter: Duo Zhang
>
> On the dev meetup notes in Shenzhen after HBaseCon Asia, there is a topic about the permission
to read hfiles on HDFS directly.
> {quote}
> For client-side scanner going against hfiles directly; is there a means of being able
to pass the permissions from hbase to hdfs?
> {quote}
> And at Xiaomi we also face the same problem. {{SnapshotScanner}} is much faster and consumes
less resources, but only super use has the ability to read hfile directly on HDFS.
> So here we want to use HDFS ACL to address this problem.
> https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#ACLs_File_System_API
> The basic idea is to set acl and default on the table directory on HDFS for the users
who have the permission to read the table on HBase.
> Suggestions are welcomed.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message