[jira] [Commented] (HBASE-10326) Super user should be able scan all the cells irrespective of the visibility labels

Sun, 12 Jan 2014 23:13:04 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-10326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13869324#comment-13869324
 ] 

Hadoop QA commented on HBASE-10326:
-----------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12622582/HBASE-10326.patch
  against trunk revision .
  ATTACHMENT ID: 12622582

    {color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

    {color:green}+1 tests included{color}.  The patch appears to include 6 new 
or modified tests.

    {color:green}+1 hadoop1.0{color}.  The patch compiles against the hadoop 
1.0 profile.

    {color:green}+1 hadoop1.1{color}.  The patch compiles against the hadoop 
1.1 profile.

    {color:green}+1 javadoc{color}.  The javadoc tool did not generate any 
warning messages.

    {color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

    {color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 1.3.9) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

    {color:red}-1 lineLengths{color}.  The patch introduces the following lines 
longer than 100:
    +    // If a super user issues a scan, he should be able to scan the cells 
irrespective of the Visibility labels
+    // If a super user issues a get, he should be able to scan the cells 
irrespective of the Visibility labels
+    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new 
PrivilegedExceptionAction<VisibilityLabelsResponse>() {

    {color:red}-1 site{color}.  The patch appears to cause mvn site goal to 
fail.

    {color:green}+1 core tests{color}.  The patch passed unit tests in .

Test results: 
https://builds.apache.org/job/PreCommit-HBASE-Build/8400//testReport/
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Console output: 
https://builds.apache.org/job/PreCommit-HBASE-Build/8400//console

This message is automatically generated.

> Super user should be able scan all the cells irrespective of the visibility 
> labels
> ----------------------------------------------------------------------------------
>
>                 Key: HBASE-10326
>                 URL: https://issues.apache.org/jira/browse/HBASE-10326
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.98.0
>            Reporter: ramkrishna.s.vasudevan
>            Assignee: ramkrishna.s.vasudevan
>            Priority: Critical
>              Labels: security
>             Fix For: 0.98.0, 0.99.0
>
>         Attachments: HBASE-10326.patch
>
>
> This issue is in lieu with HBASE-10322.  In case of export tool, when the 
> cells with visibility labels are exported using a super user we should be 
> able to export the data.  But with the current implementation, the super user 
> would also be able to view cells that has visibility labels associated with 
> the superuser.  The idea of HBASE-10322 is to strip out tags based on user 
> and if so this change is necessary for export tool to work with Visibility.  
> ACL already has a concept of global admins.  



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to