[
https://issues.apache.org/jira/browse/HBASE-11384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14073544#comment-14073544
]
Andrew Purtell commented on HBASE-11384:
----------------------------------------
{quote}
bq. HTD#setCheckAuthsForMutation(boolean setCheckAuths)
We can have cluster level also fine, but allowing HTD.setValue() then we have
to expose that config outside. Making it by default to true would mean that it
is on by default.
{quote}
I think a cluster wide setting is better. We could make it a table attr but
let's not unless we can come up with a credible use case.
Should be off by default in 0.98. Could be on by default in 0.99+
> [Visibility Controller]Check for users covering authorizations for every
> mutation
> ---------------------------------------------------------------------------------
>
> Key: HBASE-11384
> URL: https://issues.apache.org/jira/browse/HBASE-11384
> Project: HBase
> Issue Type: Sub-task
> Affects Versions: 0.98.3
> Reporter: ramkrishna.s.vasudevan
> Assignee: ramkrishna.s.vasudevan
> Fix For: 0.99.0, 0.98.5
>
> Attachments: HBASE-11384.patch, HBASE-11384_1.patch,
> HBASE-11384_2.patch, HBASE-11384_3.patch, HBASE-11384_4.patch
>
>
> As part of discussions, it is better that every mutation either Put/Delete
> with Visibility expressions should validate if the expression has labels for
> which the user has authorization. If not fail the mutation.
> Suppose User A is assoicated with A,B and C. The put has a visibility
> expression A&D. Then fail the mutation as D is not associated with User A.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
