[jira] [Commented] (HBASE-12466) Document visibility scan label generator usage and behavior

Mon, 02 Mar 2015 10:18:15 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-12466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14343523#comment-14343523
 ] 

Jerry He commented on HBASE-12466:
----------------------------------

Hi, [~misty]

bq.  A superuser can see the default set of authorizations for a given user by 
using the `set_auths` HBase Shell command or the 
link:http://hbase.apache.org/devapidocs/org/apache/hadoop/hbase/security/visibility/VisibilityClient.htmlsgetAuths%28org.apache.hadoop.conf.Configuration,%20java.lang.String%29[setAuths()]
 method.

There is a mismatch of the link (setAuths) and the method (get).  Also do you 
mean "A superuser can set ..."?

bq. +The default implementation class is 
`org.apache.hadoop.hbase.security.visibility.DefaultScanLabelGenerator`, which 
was implemented in 
link:https://issues.apache.org/jira/browse/HBASE-12466[HBASE-12468].

There is no more 
'org.apache.hadoop.hbase.security.visibility.DefaultScanLabelGenerator'. It has 
been changed/removed.  See the following comment in the 
org.apache.hadoop.hbase.security.visibility.VisibilityUtils#getScanLabelGenerators().
  Also there is a mismatch between the JIRA link and the real real JIRA number.

{code}
    // If no SLG is specified in conf, by default we'll add two SLGs
    // 1. FeedUserAuthScanLabelGenerator
    // 2. DefinedSetFilterScanLabelGenerator
    // This stacking will achieve the following default behavior:
    // 1. If there is no Auths in the scan, we will obtain the global defined 
set for the user
    //    from the labels table.
    // 2. If there is Auths in the scan, we will examine the passed in Auths 
and filter out the
    //    labels that the user is not entitled to. Then use the resulting label 
set.
    if (slgs.isEmpty()) {
      
slgs.add(ReflectionUtils.newInstance(FeedUserAuthScanLabelGenerator.class, 
conf));
      
slgs.add(ReflectionUtils.newInstance(DefinedSetFilterScanLabelGenerator.class, 
conf));
    }
    return slgs;
{code}

> Document visibility scan label generator usage and behavior
> -----------------------------------------------------------
>
>                 Key: HBASE-12466
>                 URL: https://issues.apache.org/jira/browse/HBASE-12466
>             Project: HBase
>          Issue Type: Task
>          Components: documentation, security
>            Reporter: Jerry He
>            Assignee: Misty Stanley-Jones
>         Attachments: HBASE-12466.patch
>
>
> Document the SLGs we provide and their behavior.
> Document the out-of-box default behavior.
> Document how to configure SLG if non-default behavior is desired. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to