[
https://issues.apache.org/jira/browse/HBASE-7663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13797755#comment-13797755
]
Anoop Sam John commented on HBASE-7663:
---------------------------------------
VisibilityController CP handles the visibility
The visibility labels are stored as tags with KVs
Use put.setCellVisibility(new CellVisibility(<labelExp>)); to add visibility
expressions to cells
The label expression can contain visibility labels joined with logical
expressions &, | and !. Also using (, ) one can specify the precedence order
Eg : SECRET & CONFIDENTIAL & !PUBLIC
During read, (Scan/Get) one can specify labels associated with that, in
Authorizations
scan.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));
> [Per-KV security] Visibility labels
> -----------------------------------
>
> Key: HBASE-7663
> URL: https://issues.apache.org/jira/browse/HBASE-7663
> Project: HBase
> Issue Type: Sub-task
> Components: Coprocessors, security
> Affects Versions: 0.98.0
> Reporter: Andrew Purtell
> Assignee: Anoop Sam John
> Attachments: HBASE-7663.patch
>
>
> Implement Accumulo-style visibility labels. Consider the following design
> principles:
> - Coprocessor based implementation
> - Minimal to no changes to core code
> - Use KeyValue tags (HBASE-7448) to carry labels
> - Use OperationWithAttributes# {get,set}Attribute for handling visibility
> labels in the API
> - Implement a new filter for evaluating visibility labels as KVs are streamed
> through.
> This approach would be consistent in deployment and API details with other
> per-KV security work, supporting environments where they might be both be
> employed, even stacked on some tables.
> See the parent issue for more discussion.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
