Github user bbende commented on the issue:
https://github.com/apache/nifi/pull/2518
@MikeThomsen @ijokarumawak I haven't looked at how Hbase visibility labels
work compared to Accumulo, but in Accumulo you pass in the authorizations for
an operations which are then compared against the visibility strings on each
cell. The authorizations on the operation usually come from authenticating an
end-user against LDAP and then running an operation on their behalf.
When scanning cells for the current operation, if the passed in
authorizations don't meet the visiblity string for a given cell, then it is as
if this cell doesn't exist. So if you were issuing a delete on behalf of an
end-user, I would expect they can only delete cells that are visible to them
based on their authorizations.
Curious to hear that Josh has to say.
---
