[jira] [Commented] (HBASE-7663) [Per-KV security] Visibility labels

Wed, 06 Nov 2013 09:57:28 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-7663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13815075#comment-13815075
 ] 

stack commented on HBASE-7663:
------------------------------

Skimming the patch...

Should setAuthorizations and getAuthorizations be pushed up to the super class 
or do they only apply to certain 'types' -- like setCellVisibility and 
getCellVisibility.  Or seems like they are for Get and Scan only.  Should we 
have an Interface that is other-than-Mutation that Scan and Get implement (and 
Increment i suppose since it retturns a value)?  We'd add these methods there?

An illegal operation is different to an AccessDeniedE?  It is not necessarily 
of the security realm?

Does CellVisibility need a class comment?  Or maybe it is ok given it is in the 
visibility package and it is called CellVisibility (no need to be pedantic)

Ok... let me go look at your responses up on RB now...... I realize I did not 
go back to them.



> [Per-KV security] Visibility labels
> -----------------------------------
>
>                 Key: HBASE-7663
>                 URL: https://issues.apache.org/jira/browse/HBASE-7663
>             Project: HBase
>          Issue Type: Sub-task
>          Components: Coprocessors, security
>    Affects Versions: 0.98.0
>            Reporter: Andrew Purtell
>            Assignee: Anoop Sam John
>             Fix For: 0.98.0
>
>         Attachments: HBASE-7663.patch, HBASE-7663_V2.patch, 
> HBASE-7663_V3.patch, HBASE-7663_V4.patch, HBASE-7663_V5.patch, 
> HBASE-7663_V6.patch
>
>
> Implement Accumulo-style visibility labels. Consider the following design 
> principles:
> - Coprocessor based implementation
> - Minimal to no changes to core code
> - Use KeyValue tags (HBASE-7448) to carry labels
> - Use OperationWithAttributes# {get,set}Attribute for handling visibility 
> labels in the API
> - Implement a new filter for evaluating visibility labels as KVs are streamed 
> through.
> This approach would be consistent in deployment and API details with other 
> per-KV security work, supporting environments where they might be both be 
> employed, even stacked on some tables.
> See the parent issue for more discussion.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to