[
https://issues.apache.org/jira/browse/HBASE-10878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13956082#comment-13956082
]
ramkrishna.s.vasudevan commented on HBASE-10878:
------------------------------------------------
Scans has to be with individual labels and that would ideally be the right
behaviour because we are specifying what labels that user can see. It is with
Puts that we can say which labels are allowed to be scan for a user and so
there the use of expressions make sense.
Also this is inline with Accumlo behaviour also. JFYI.
{code}
// user possess both admin and system level access
Authorization auths = new Authorization("admin","system");
Scanner s = connector.createScanner("table", auths)
{code}
as in Accumulo's doc.
> Operator | for visibility label doesn't work
> --------------------------------------------
>
> Key: HBASE-10878
> URL: https://issues.apache.org/jira/browse/HBASE-10878
> Project: HBase
> Issue Type: Bug
> Reporter: Ted Yu
>
> I used setup similar to that from HBASE-10863, with fix for HBASE-10863 :
> {code}
> hbase(main):003:0> scan 'hbase:labels'
> ROW COLUMN+CELL
> \x00\x00\x00\x01 column=f:\x00,
> timestamp=1395944796030, value=system
> \x00\x00\x00\x01 column=f:hbase,
> timestamp=1395944796030, value=
> \x00\x00\x00\x02 column=f:\x00,
> timestamp=1395951045442, value=TOP_SECRET
> \x00\x00\x00\x02 column=f:hrt_qa,
> timestamp=1395951229682, value=
> \x00\x00\x00\x02 column=f:hrt_qa1,
> timestamp=1395951270297, value=
> \x00\x00\x00\x02 column=f:mapred,
> timestamp=1395958442326, value=
> \x00\x00\x00\x03 column=f:\x00,
> timestamp=1395952069731, value=TOP_TOP_SECRET
> \x00\x00\x00\x03 column=f:mapred,
> timestamp=1395956032141, value=
> \x00\x00\x00\x04 column=f:\x00,
> timestamp=1395971516605, value=A
> \x00\x00\x00\x04 column=f:oozie,
> timestamp=1395971647859, value=
> \x00\x00\x00\x05 column=f:\x00,
> timestamp=1395971520327, value=B
> 5 row(s) in 0.0580 seconds
> {code}
> I did the following as user oozie using hbase shell:
> {code}
> hbase(main):001:0> scan 'tb', { AUTHORIZATIONS => ['A']}
> ROW COLUMN+CELL
> row column=f1:q,
> timestamp=1395971660859, value=v1
> row2 column=f1:q,
> timestamp=1395972271343, value=v2
> row3 column=f1:q,
> timestamp=1396067477702, value=v3
> 3 row(s) in 0.2050 seconds
> hbase(main):002:0> scan 'tb', { AUTHORIZATIONS => ['A|B']}
> ROW COLUMN+CELL
> row2 column=f1:q,
> timestamp=1395972271343, value=v2
> 1 row(s) in 0.0150 seconds
> hbase(main):003:0> scan 'tb', { AUTHORIZATIONS => ['B|A']}
> ROW COLUMN+CELL
> row2 column=f1:q,
> timestamp=1395972271343, value=v2
> 1 row(s) in 0.0260 seconds
> {code}
> Rows 'row' and 'row3' were inserted with label 'A'.
> Row 'row2' was inserted without label.
> Row 'row1' was inserted with label 'B'.
> I would expect row1 to also be returned.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
