hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ramkrishna vasudevan <ramkrishna.s.vasude...@gmail.com>
Subject Re: Deletes with cell visibility labels
Date Thu, 21 Sep 2017 16:40:52 GMT
So the problem that you are facing here is that you don know what is the
visibility labels associated with a row that was added during 'PUT'. Now to
form the delete you are not sure what are the exact labels so that the
'PUT' remains masked.

But in terms of a generic use case that is the way you can exactly mask a
PUT with visibility labels right?
Say if a row is having a sensitive info then it is marked with PRIVATE &
SECRET labels, then if you need to remove that row ( so that it is later
changed to PUBLIC) it is always better you specify the ROW with exact
labels.
The current impl is that we mask only those PUTs which matches exactly with
the deletes visibility labels.

And to answer your question in a simple way
Since you are not sure what were the labels added for a PUT you need to re
run the algo that generated the labels and add it with deletes if that
specific row needs to be masked.

Regards
Ram

On Thu, Sep 21, 2017 at 9:53 PM, Mike Thomsen <mikerthomsen@gmail.com>
wrote:

> Yes, I realized my mistake shortly after posting. So my question is how do
> you form a proper delete? Is the expected behavior roughly...
>
> 1. Get the row.
> 2. Rerun the algorithm that computed the visibility label on the row.
> 3. Build a list of deletes.
>
> Is that what we're expected to do here? Or is there a simpler way of
> handling this?
>
> Thanks,
>
> Mike
>
> On Thu, Sep 21, 2017 at 12:18 PM, ramkrishna vasudevan <
> ramkrishna.s.vasudevan@gmail.com> wrote:
>
> > Hi Thomson
> >
> > I think you are saying that the shell allows you to specify
> > delete 'tablename', 'row', 'family', ts1, {VISIBILITY=>'PRIVATE|SECRET'}
> > but the java client does not allow to do it? I doubt it.
> >
> > In case of mutations like  puts and deletes what we pass is the
> visibility
> > labels. Now when you do a scan that is where we specify the AUTHORIZTIONs
> > so that only those cells with visibility cells as passed in the
> > AUTHORIZATIONS are returned back.
> >
> > Hope you find this useful. Let us know if you need further inputs.
> >
> > Regards
> > Ram
> >
> > On Thu, Sep 21, 2017 at 6:04 PM, Mike Thomsen <mikerthomsen@gmail.com>
> > wrote:
> >
> > > According to the javadocs and some examples I've seen, it looks like
> with
> > > the Java client you have to know the visibility label of the cell you
> > want
> > > to delete. You cannot just pass a token list like you can in the shell
> > > (delete TABLE, ROW, COLUMN, {AUTHORIZATIONS => ["token", "token"]})
> > >
> > > Is this true or am I missing something?
> > >
> > > Thanks,
> > >
> > > Mike
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message