[jira] [Commented] (HBASE-12745) Visibility Labels: support visibility labels for user groups.

Tue, 20 Jan 2015 19:14:04 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14285085#comment-14285085
 ] 

Anoop Sam John commented on HBASE-12745:
----------------------------------------

[~jerryhe]
Thanks for the excellent work. 0.98 patch  looks good except some minor comments
{code}
public boolean havingSystemAuth(byte[] user) throws IOException {
+    // Implementation for backward compatibility
+    User user1 = VisibilityUtils.getActiveUser();
+    return havingSystemAuth(user1);
+  }
{code}
In an API perspective it might not be correct to ignore the passed user name 
param and check for the cur active user. Simple solution is to check against 
getUserAuths(user, true). Agree that will make some lines of duplicate code but 
that is ok IMO.   Same way in ExpAsStringVisibilityLabelServiceImpl.

{code}
+   * @deprecated Use {@link#getUserAuths(byte[], boolean)}
    */
   List<String> getAuths(byte[] user, boolean systemCall) throws IOException;
{code}
Pls add @Deprecated tag also. Make sure to add these in DefaultVLS

VisibilityLabelsCache
{code}
  public List<String> getAuths(String user) {
+    return getUserAuths(user);
+  }
+
+  public List<String> getUserAuths(String user) {
{code}
Just rename existing method to getUserAuths is enough as this is a private 
class.


You would like to give a new version? If you are busy I can change it on 
commit.  
Will commit to all version tonight my time.


> Visibility Labels:  support visibility labels for user groups.
> --------------------------------------------------------------
>
>                 Key: HBASE-12745
>                 URL: https://issues.apache.org/jira/browse/HBASE-12745
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0.0, 0.98.9, 0.99.2
>            Reporter: Jerry He
>            Assignee: Jerry He
>             Fix For: 2.0.0
>
>         Attachments: HBASE-12745-master-v1.patch, 
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch, 
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch, 
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch, 
> HBASE-12745-v7-0.98.patch, HBASE-12745-v7-branch1.patch
>
>
> The thinking is that we should support visibility labels to be associated 
> with user groups.
> We will then be able grant visibility labels to a group in addition to 
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in 
> AcccessController.
> For example, 
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to 
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService 
> implementation.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to