[jira] [Commented] (NIFI-4637) Add support for HBase visibility labels to HBase processors and controller services

Wed, 25 Apr 2018 12:46:33 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-4637?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16452957#comment-16452957
 ] 

ASF GitHub Bot commented on NIFI-4637:
--------------------------------------

Github user joshelser commented on the issue:

    https://github.com/apache/nifi/pull/2518
  
    > Would you please educate me why delete operation uses expression instead 
of a comma separated labels as scan does
    
    The general reasoning is this: you may have multiple "values" for the same 
key at different levels of visibility. Consider credit-card information:
    ```
    josh-creditcard1 f:number [private] -> 123456-1234-12345678
    josh-creditcard1 f:number [seller]   -> xxxxxx-xxxx-xxxx5678
    ```
    The visibility label for Accumulo is an expression that defines if a user 
with a collection of visibility labels is allowed to see that record. The 
expression also contributes to the uniqueness of that key, almost acting as a 
kind of "attribute" for the record being store.
    Requiring the exact visibility label to delete the record is also important 
in a multi-tenant system with various levels of visibility because you may not 
know if other copies of the Key exist that you are unaware of. For example, if 
a "seller" was trying to delete my creditcard1 information, they would be 
unaware that my full creditcard number also exists there -- if we gave 
acknowledgment that it was deleted, that would be an information leak.


> Add support for HBase visibility labels to HBase processors and controller 
> services
> -----------------------------------------------------------------------------------
>
>                 Key: NIFI-4637
>                 URL: https://issues.apache.org/jira/browse/NIFI-4637
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Mike Thomsen
>            Assignee: Mike Thomsen
>            Priority: Major
>
> HBase supports visibility labels, but you can't use them from NiFi because 
> there is no way to set them. The existing processors and services should be 
> upgraded to handle this capability.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to