[
https://issues.apache.org/jira/browse/HBASE-11384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14074243#comment-14074243
]
Anoop Sam John commented on HBASE-11384:
----------------------------------------
VC#postMutationBeforeWAL()
Here also covering auth check should be done. (Append/Increment case)
VisibilityLabelsManager
EMPTY_INT_LIST - Not used
getAuthsAsOrdinals() This can be null . So null check needed wherever used.
The current, null value is treated as no need to check for covering auths.
Instead the check should be based on boolean VC.checkAuths
{code}
<description>
+ This property if enabled will check if the labels in the visibility
expression are associated
+ with the user issing the mutation
+ </description>
{code}
issing - issueing
> [Visibility Controller]Check for users covering authorizations for every
> mutation
> ---------------------------------------------------------------------------------
>
> Key: HBASE-11384
> URL: https://issues.apache.org/jira/browse/HBASE-11384
> Project: HBase
> Issue Type: Sub-task
> Affects Versions: 0.98.3
> Reporter: ramkrishna.s.vasudevan
> Assignee: ramkrishna.s.vasudevan
> Fix For: 0.99.0, 0.98.5
>
> Attachments: HBASE-11384.patch, HBASE-11384_1.patch,
> HBASE-11384_2.patch, HBASE-11384_3.patch, HBASE-11384_4.patch,
> HBASE-11384_6.patch
>
>
> As part of discussions, it is better that every mutation either Put/Delete
> with Visibility expressions should validate if the expression has labels for
> which the user has authorization. If not fail the mutation.
> Suppose User A is assoicated with A,B and C. The put has a visibility
> expression A&D. Then fail the mutation as D is not associated with User A.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
