[ https://issues.apache.org/jira/browse/HBASE-7663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13797755#comment-13797755 ]
Anoop Sam John commented on HBASE-7663: --------------------------------------- VisibilityController CP handles the visibility The visibility labels are stored as tags with KVs Use put.setCellVisibility(new CellVisibility(<labelExp>)); to add visibility expressions to cells The label expression can contain visibility labels joined with logical expressions &, | and !. Also using (, ) one can specify the precedence order Eg : SECRET & CONFIDENTIAL & !PUBLIC During read, (Scan/Get) one can specify labels associated with that, in Authorizations scan.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); > [Per-KV security] Visibility labels > ----------------------------------- > > Key: HBASE-7663 > URL: https://issues.apache.org/jira/browse/HBASE-7663 > Project: HBase > Issue Type: Sub-task > Components: Coprocessors, security > Affects Versions: 0.98.0 > Reporter: Andrew Purtell > Assignee: Anoop Sam John > Attachments: HBASE-7663.patch > > > Implement Accumulo-style visibility labels. Consider the following design > principles: > - Coprocessor based implementation > - Minimal to no changes to core code > - Use KeyValue tags (HBASE-7448) to carry labels > - Use OperationWithAttributes# {get,set}Attribute for handling visibility > labels in the API > - Implement a new filter for evaluating visibility labels as KVs are streamed > through. > This approach would be consistent in deployment and API details with other > per-KV security work, supporting environments where they might be both be > employed, even stacked on some tables. > See the parent issue for more discussion. -- This message was sent by Atlassian JIRA (v6.1#6144)