0.98+ security features gives a new feature of more fine grained Access control per cell level. * This can be achieved only when using HFile V3 *. The above said config give a way for old behavior even in the context of new enhancement. And so it make sense in HFile V3 alone So what is the dependency u mean here? Sorry not getting fully. As long as the user continue to use HFile V2 (that is the default in 0.98) it will continue with old ways of early out with Access denied on read reqs.
-Anoop- On Wed, Sep 24, 2014 at 5:09 AM, Srikanth Srungarapu <[email protected]> wrote: > Hi Folks, > I noticed that withing 0.98 branch, the behavior of read accesses depends > on hfile versions. If the user decides to use HFile V3 instead of HFile V2, > then the read actions in case of access denied case start returning 0 rows > instead of throwing AccessDenied exception. Ted mentioned yesterday that > some work has been done in this direction [1], where a flag > "hbase.security.access.early_ > out" was provided to the user for restoring the previous behavior. But, > this flag does make sense only in the context of user switching to HFile > V3. Is it a better idea to get rid of this dependency on file versions and > present users with a single knob for switching behavior? Or can we do > something about making this more consistent, may be not immediately, but > for 1.0? > Thanks, > Srikanth. > > References: > [1] https://issues.apache.org/jira/browse/HBASE-11070 >
