[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14257847#comment-14257847
]
Anoop Sam John commented on HBASE-12745:
----------------------------------------
bq.4) But client side get_auths call will only get the result explicit for that
user only or for that group (if parameter is @group) only.
So if at client side, one need all labelled auth'ed for a user (explicit grant
or via group), need to make multiple calls with user and for each of his/her
group. Can clearly mention this in javadoc for VisibilityClient? Also change
the help part in the shell command how to use get for group. (Also similar way
for other APIs as well).
Thanks for the nice work.
> Visibility Labels: support visibility labels for user groups.
> --------------------------------------------------------------
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.0, 0.98.9, 0.99.2
> Reporter: Jerry He
> Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
