[jira] [Updated] (HBASE-7662) [Per-KV security] Per cell ACLs stored in tags

Tue, 26 Nov 2013 15:35:23 -0800 

     [ 
https://issues.apache.org/jira/browse/HBASE-7662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrew Purtell updated HBASE-7662:
----------------------------------

       Resolution: Fixed
    Fix Version/s: 0.98.0
     Release Note: 
This change extends the HBase ACL model to the cell level. ACLs can now be set 
on a per cell basis. See the Security section of the HBase manual for 
configuration and usage detail. 

HBASE-7663 introduced a new parent class for Get and Scan, Query. This change 
also moves the getFilter and SetFilter methods of Get and Scan to the common 
parent class. Client code may need to be recompiled. 
     Hadoop Flags: Incompatible change,Reviewed
           Status: Resolved  (was: Patch Available)

Ran mvn javadoc:javadoc locally and grepped for "warning". No javadoc issues 
appear to be contributed by this patch.

Attached what I committed to trunk. I decided to leave out TestCellACLsLoadTest 
because it adds ~60 seconds to test time, on fast hardware, and only measures 
relative performance differences (and only if modified). It does not do any 
functional verification. I can contribute and/or improve it on a follow on 
issue if anyone wants it.

Added a mention of the Query#{get,set}Filter API change in the release notes. 
This does not affect wire compatibility so is acceptable under the 0.98 release 
criteria. However, this is not essential to the cell ACL implementation and can 
be backed out independently with only a minor update needed to AccessController.

Thanks for the reviews, Anoop and Ram. 

> [Per-KV security] Per cell ACLs stored in tags
> ----------------------------------------------
>
>                 Key: HBASE-7662
>                 URL: https://issues.apache.org/jira/browse/HBASE-7662
>             Project: HBase
>          Issue Type: Sub-task
>          Components: Coprocessors, security
>    Affects Versions: 0.98.0
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>             Fix For: 0.98.0
>
>         Attachments: 7662-final.patch, 7662-final.patch, 7662.patch, 
> 7662.patch, 7662.patch, 7662.patch, latency-single.7662.xlsx
>
>
> We can improve the performance of per-cell authorization if the read of the 
> cell ACL, if any, is combined with the sequential read of the cell data 
> already in progress. When tags are inlined with KVs in block encoding (see 
> HBASE-7448, and more generally HBASE-7233), we can use them to carry cell 
> ACLs instead of using out-of-line storage (HBASE-7661) for that purpose.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to