hbase-user mailing list archives

From "Tokayer, Jason M." <Jason.Toka...@capitalone.com>
Subject Hbase ACL
Date Tue, 03 May 2016 12:52:13 GMT
I am working on HBase ACLs in order to lock a particular cell value for writes by a user for
an indefinite amount of time. This same user will be writing to HBase during normal program
execution, and he needs to be able to continue to write to other cells during the single cell
lock period. I've been experimenting with simple authentication (i.e., no Kerberos), and the
plan is to extend to a Kerberized cluster once I get this working.

First, I am able to grant 'user-X' read and write permissions to a particular namespace. In
this way user-X can write to any HBase table in that namespace during normal execution. What
I need to be able to do next is to set user-X's permissions on a particular cell to read only
and have that take precedence over the table permissions. I found a parameter in the codebase
here: https://github.com/apache/hbase/blob/master/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlConstants.java,
namely OP_ATTRIBUTE_ACL_STRATEGY_CELL_FIRST, that seems to allow for this prioritization of
cell-level over table-/column-level. But I cannot figure out how to set this with key OP_ATTRIBUTE_ACL_STRATEGY.
Is it possible to set the strategy to cell-level prioritization, preferably in hbase-site.xml?
This feature is critical to our cell-level access control.

--
Warmest Regards,
Jason Tokayer, PhD