[ https://issues.apache.org/jira/browse/RANGER-1729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16141302#comment-16141302 ]
Madhan Neethiraj commented on RANGER-1729: ------------------------------------------ Adding my comments from the review board here, for easier reference: Cache key such as this is likely to perform incorrect authorization, in multiple cases: - consider "table=t1; columnFamily=c1" and "table="t1c; columnFamily=1". Both will result in the same cacheKey, and can cause incorrect authorization - Ranger allows conditions to be included in policies, which can determine the result based on factors not included in the cacheKey - for example, time-of-access Such conditions may not be honored with cacheing of results - With support for tag-based authorization, either cache-key should include tags associated or the cache needs to be invalidated when the plugin receives updated tag information HBases table can have large number of columns (in millions); this (and other factors like number of users, number of ip-addresses) can increase the memory footprint and can cause significant overhead. I would suggest you do performance runs on conditions that can add significant cache size and share your findings. Overall, I think it will be helpful to look into the cause for the 10% overhead you notice and try to improve policy execution, where feasible, instead of going for caching the results. > The hbase's performance will be significantly reduced after used Ranger to > control and configure Hbase data security > -------------------------------------------------------------------------------------------------------------------- > > Key: RANGER-1729 > URL: https://issues.apache.org/jira/browse/RANGER-1729 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Qiang Zhang > Assignee: Qiang Zhang > Labels: patch > Attachments: > 0001-RANGER-1729-The-performance-of-hbase-will-be-signifi.patch, > Polling_interval_result_detail.png, result_detail.png, > verify_patch_result_detail.png > > > The hbase's performance will be significantly reduced after used Ranger to > control and configure Hbase data security. I used following environment to > verify issue. > Test tools:ycsb-0.1.4 > Test environment: > Node number:4 > Node configuration detail is as following: > Node1、Node2: > CPU:32 core,Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz > memory:128GB > Node3、Node4 > CPU:48 core,Intel(R) Xeon(R) CPU E5-2670 v3 @ 2.30GHz > memory:128GB > The test result: > 2. Add one policy and not write audit log, HBase's performance decreased > 10.10%; > 3. Add one policy and write audit log, HBase's performance decreased 12.90%; > Please refer to result_detail.png. > This decline is unacceptable in a real environment. It will seriously affect > the user to use Ranger. -- This message was sent by Atlassian JIRA (v6.4.14#64029)