[
https://issues.apache.org/jira/browse/RANGER-1729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16141302#comment-16141302
]
Madhan Neethiraj commented on RANGER-1729:
------------------------------------------
Adding my comments from the review board here, for easier reference:
Cache key such as this is likely to perform incorrect authorization, in
multiple cases:
- consider "table=t1; columnFamily=c1" and "table="t1c; columnFamily=1". Both
will result in the same cacheKey, and can cause incorrect authorization
- Ranger allows conditions to be included in policies, which can determine the
result based on factors not included in the cacheKey - for example,
time-of-access Such conditions may not be honored with cacheing of results
- With support for tag-based authorization, either cache-key should include
tags associated or the cache needs to be invalidated when the plugin receives
updated tag information
HBases table can have large number of columns (in millions); this (and other
factors like number of users, number of ip-addresses) can increase the memory
footprint and can cause significant overhead. I would suggest you do
performance runs on conditions that can add significant cache size and share
your findings.
Overall, I think it will be helpful to look into the cause for the 10% overhead
you notice and try to improve policy execution, where feasible, instead of
going for caching the results.
> The hbase's performance will be significantly reduced after used Ranger to
> control and configure Hbase data security
> --------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-1729
> URL: https://issues.apache.org/jira/browse/RANGER-1729
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Qiang Zhang
> Assignee: Qiang Zhang
> Labels: patch
> Attachments:
> 0001-RANGER-1729-The-performance-of-hbase-will-be-signifi.patch,
> Polling_interval_result_detail.png, result_detail.png,
> verify_patch_result_detail.png
>
>
> The hbase's performance will be significantly reduced after used Ranger to
> control and configure Hbase data security. I used following environment to
> verify issue.
> Test tools:ycsb-0.1.4
> Test environment:
> Node number:4
> Node configuration detail is as following:
> Node1、Node2:
> CPU:32 core,Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz
> memory:128GB
> Node3、Node4
> CPU:48 core,Intel(R) Xeon(R) CPU E5-2670 v3 @ 2.30GHz
> memory:128GB
> The test result:
> 2. Add one policy and not write audit log, HBase's performance decreased
> 10.10%;
> 3. Add one policy and write audit log, HBase's performance decreased 12.90%;
> Please refer to result_detail.png.
> This decline is unacceptable in a real environment. It will seriously affect
> the user to use Ranger.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
