pig-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yan Zhou (JIRA)" <j...@apache.org>
Subject [jira] Commented: (PIG-987) Zebra Column Group Access Control
Date Thu, 01 Oct 2009 22:12:23 GMT

    [ https://issues.apache.org/jira/browse/PIG-987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12761365#action_12761365
] 

Yan Zhou commented on PIG-987:
------------------------------

During STORE, the storage hint is enhanced to take a new "secure by"  section, e.g., 

[c1,c2] secure by group:secure perm:640

meaning the column group of columns "c1" and "c2" will belong to group "secure" with file
permission octal value of 0640 which, in turn, means read+write for user, read for group and
non for others.

After Zebra table creation, all files and directories inside the secured column group will
have the same permision and group membership within the table.

If a column group is not secured, the default behavoir is determined by the HADOOP MAP/REDUCE
 default permision and group membership set upon the new files and directories.


> Zebra Column Group Access Control
> ---------------------------------
>
>                 Key: PIG-987
>                 URL: https://issues.apache.org/jira/browse/PIG-987
>             Project: Pig
>          Issue Type: New Feature
>    Affects Versions: 0.6.0
>            Reporter: Yan Zhou
>            Assignee: Yan Zhou
>         Attachments: ColumnGroupSecurity.patch
>
>
> Access Control: when processes try to read from the column groups, Zebra should be able
to handle allowed vs. disallowed user/application accesses. 
> Expected behavior when column group permissions are set:
>     When user selects only columns that they do not have permissions to access, Zebra
should return error with message "Error #: Permission denied for accessing column <column
name or names> 
> Access control applies to an entire column group, so all columns in a column group have
same permissions. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message