hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anoop Sam John (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-18659) Use HDFS ACL to give user the ability to read snapshot directly on HDFS
Date Thu, 24 Aug 2017 02:25:01 GMT

    [ https://issues.apache.org/jira/browse/HBASE-18659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16139475#comment-16139475
] 

Anoop Sam John commented on HBASE-18659:
----------------------------------------

bq.Yeah, you can not retain cell level ACL if user can read HFiles directly from HDFS. And
I think this is acceptable?
I also think so.  It should be ok to restrict this and document this. Till CF level permission
only will work this way.  Even column level (Qualifier) also can not work.

> Use HDFS ACL to give user the ability to read snapshot directly on HDFS
> -----------------------------------------------------------------------
>
>                 Key: HBASE-18659
>                 URL: https://issues.apache.org/jira/browse/HBASE-18659
>             Project: HBase
>          Issue Type: New Feature
>            Reporter: Duo Zhang
>
> On the dev meetup notes in Shenzhen after HBaseCon Asia, there is a topic about the permission
to read hfiles on HDFS directly.
> {quote}
> For client-side scanner going against hfiles directly; is there a means of being able
to pass the permissions from hbase to hdfs?
> {quote}
> And at Xiaomi we also face the same problem. {{SnapshotScanner}} is much faster and consumes
less resources, but only super use has the ability to read hfile directly on HDFS.
> So here we want to use HDFS ACL to address this problem.
> https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#ACLs_File_System_API
> The basic idea is to set acl and default on the table directory on HDFS for the users
who have the permission to read the table on HBase.
> Suggestions are welcomed.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message