[jira] [Commented] (HBASE-6222) Add per-KeyValue Security

Andrew Purtell (JIRA) Mon, 25 Feb 2013 10:28:16 -0800

    [ 
https://issues.apache.org/jira/browse/HBASE-6222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13586093#comment-13586093
 ]


Andrew Purtell commented on HBASE-6222:
---------------------------------------

bq. In AccessController.requireCoveringPermission the close should be in 
finally block?

Ok.

bq. May be we can move this before the 'if' condition just before this.

Ok.

bq. @Test tag misses for testCellPermissions(). Was it intentional?

No. Checked the test logs and it still runs, but will add this of course.

bq. The memstore flushes if more than 1 CF exists, will it have an impact on 
this new CF introduced?

The ACL CF is only hidden from the client. 

bq. Once in the AccessController hooks we have ensured that the permission is 
available by checking the new CF acl, when the actual scan goes we can avoid 
this Cell right?

We could modify the Scan object in a preScannerOpen hook to exclude the ACL CF. 
The values from that family are not used in the filter. (I seem to remember 
exploring that idea is why no such exclusion presently.)

Thanks for the review!
                
> Add per-KeyValue Security
> -------------------------
>
>                 Key: HBASE-6222
>                 URL: https://issues.apache.org/jira/browse/HBASE-6222
>             Project: HBase
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 0.96.0, 0.98.0
>            Reporter: stack
>            Assignee: Andrew Purtell
>         Attachments: 6222-aclcf.patch, 6222.pdf, 
> cell-acls-kv-tags-not-for-review.zip, 
> HBaseCellRow-LevelSecurityDesignDoc.docx, HBaseCellRow-LevelSecurityPRD.docx
>
>
> Saw an interesting article: 
> http://www.fiercegovernmentit.com/story/sasc-accumulo-language-pro-open-source-say-proponents/2012-06-14
> "The  Senate Armed Services Committee version of the fiscal 2013 national 
> defense authorization act (S. 3254) would require DoD agencies to foreswear 
> the Accumulo NoSQL database after Sept. 30, 2013, unless the DoD CIO 
> certifies that there exists either no viable commercial open source database 
> with security features comparable to [Accumulo] (such as the HBase or 
> Cassandra databases)..."
> Not sure what a 'commercial open source database' is, and I'm not sure whats 
> going on in the article, but tra-la-la'ing, if we had per-KeyValue 'security' 
> like Accumulo's, we might put ourselves in the running for federal 
> contributions?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HBASE-6222) Add per-KeyValue Security

Reply via email to