Yan Zhou commented on PIG-987:

During STORE, the storage hint is enhanced to take a new "secure by"  section, 

[c1,c2] secure by group:secure perm:640

meaning the column group of columns "c1" and "c2" will belong to group "secure" 
with file permission octal value of 0640 which, in turn, means read+write for 
user, read for group and non for others.

After Zebra table creation, all files and directories inside the secured column 
group will have the same permision and group membership within the table.

If a column group is not secured, the default behavoir is determined by the 
HADOOP MAP/REDUCE  default permision and group membership set upon the new 
files and directories.

> Zebra Column Group Access Control
> ---------------------------------
>                 Key: PIG-987
>                 URL: https://issues.apache.org/jira/browse/PIG-987
>             Project: Pig
>          Issue Type: New Feature
>    Affects Versions: 0.6.0
>            Reporter: Yan Zhou
>            Assignee: Yan Zhou
>         Attachments: ColumnGroupSecurity.patch
> Access Control: when processes try to read from the column groups, Zebra 
> should be able to handle allowed vs. disallowed user/application accesses. 
> Expected behavior when column group permissions are set:
>     When user selects only columns that they do not have permissions to 
> access, Zebra should return error with message "Error #: Permission denied 
> for accessing column <column name or names> 
> Access control applies to an entire column group, so all columns in a column 
> group have same permissions. 

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

Reply via email to