[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14281687#comment-14281687
]
Jerry He commented on HBASE-12745:
----------------------------------
Backward compatibility has been tested in the following way.
Drop an old version of DefaultVisibilityServiceImpl class into the classpath.
All visibility unit tests passed, except the group test, with the expected
exceptions.
> Visibility Labels: support visibility labels for user groups.
> --------------------------------------------------------------
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.0, 0.98.9, 0.99.2
> Reporter: Jerry He
> Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
> HBASE-12745-v7-0.98.patch, HBASE-12745-v7-branch1.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
