hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Thomsen <mikerthom...@gmail.com>
Subject Re: Deletes with cell visibility labels
Date Thu, 21 Sep 2017 16:58:11 GMT
Thanks. I had a feeling you were going to say that.

On Thu, Sep 21, 2017 at 12:40 PM, ramkrishna vasudevan <
ramkrishna.s.vasudevan@gmail.com> wrote:

> So the problem that you are facing here is that you don know what is the
> visibility labels associated with a row that was added during 'PUT'. Now to
> form the delete you are not sure what are the exact labels so that the
> 'PUT' remains masked.
>
> But in terms of a generic use case that is the way you can exactly mask a
> PUT with visibility labels right?
> Say if a row is having a sensitive info then it is marked with PRIVATE &
> SECRET labels, then if you need to remove that row ( so that it is later
> changed to PUBLIC) it is always better you specify the ROW with exact
> labels.
> The current impl is that we mask only those PUTs which matches exactly with
> the deletes visibility labels.
>
> And to answer your question in a simple way
> Since you are not sure what were the labels added for a PUT you need to re
> run the algo that generated the labels and add it with deletes if that
> specific row needs to be masked.
>
> Regards
> Ram
>
> On Thu, Sep 21, 2017 at 9:53 PM, Mike Thomsen <mikerthomsen@gmail.com>
> wrote:
>
> > Yes, I realized my mistake shortly after posting. So my question is how
> do
> > you form a proper delete? Is the expected behavior roughly...
> >
> > 1. Get the row.
> > 2. Rerun the algorithm that computed the visibility label on the row.
> > 3. Build a list of deletes.
> >
> > Is that what we're expected to do here? Or is there a simpler way of
> > handling this?
> >
> > Thanks,
> >
> > Mike
> >
> > On Thu, Sep 21, 2017 at 12:18 PM, ramkrishna vasudevan <
> > ramkrishna.s.vasudevan@gmail.com> wrote:
> >
> > > Hi Thomson
> > >
> > > I think you are saying that the shell allows you to specify
> > > delete 'tablename', 'row', 'family', ts1,
> {VISIBILITY=>'PRIVATE|SECRET'}
> > > but the java client does not allow to do it? I doubt it.
> > >
> > > In case of mutations like  puts and deletes what we pass is the
> > visibility
> > > labels. Now when you do a scan that is where we specify the
> AUTHORIZTIONs
> > > so that only those cells with visibility cells as passed in the
> > > AUTHORIZATIONS are returned back.
> > >
> > > Hope you find this useful. Let us know if you need further inputs.
> > >
> > > Regards
> > > Ram
> > >
> > > On Thu, Sep 21, 2017 at 6:04 PM, Mike Thomsen <mikerthomsen@gmail.com>
> > > wrote:
> > >
> > > > According to the javadocs and some examples I've seen, it looks like
> > with
> > > > the Java client you have to know the visibility label of the cell you
> > > want
> > > > to delete. You cannot just pass a token list like you can in the
> shell
> > > > (delete TABLE, ROW, COLUMN, {AUTHORIZATIONS => ["token", "token"]})
> > > >
> > > > Is this true or am I missing something?
> > > >
> > > > Thanks,
> > > >
> > > > Mike
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message