[ https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sean Busbey reopened HBASE-12745: --------------------------------- I think this may have broken compat promises going from 0.98 -> 1.0. These methods are in classes marked IA.Public: * VisibilityLabelService.getAuth(byte[], boolean) * VisibilityLabelService.havingSystemAuth(byte[]) They've been in 0.98 releases (since 0.98.6) and will be marked deprecated as of the 0.98.10 release. In branch-1.0 / branch-1.1 they're removed. Since they're IA.Public, shouldn't they be deprecated for a full major version before removal? That would mean they need to stick around for all of 1.x. In particular, as-is this would require users with custom VisibilityLabelService implementations to deal with a source compatibility issue prior to doing a rolling upgrade from 0.98.6+ -> 1.0. If we don't maintain compatibility across 1.x, we should call this out in the release note. > Visibility Labels: support visibility labels for user groups. > -------------------------------------------------------------- > > Key: HBASE-12745 > URL: https://issues.apache.org/jira/browse/HBASE-12745 > Project: HBase > Issue Type: Improvement > Components: security > Affects Versions: 1.0.0, 0.98.9, 0.99.2 > Reporter: Jerry He > Assignee: Jerry He > Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0 > > Attachments: HBASE-12745-master-v1.patch, > HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch, > HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch, > HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch, > HBASE-12745-v7-0.98-with-update.patch, HBASE-12745-v7-0.98.patch, > HBASE-12745-v7-branch1.patch > > > The thinking is that we should support visibility labels to be associated > with user groups. > We will then be able grant visibility labels to a group in addition to > individual users, which provides convenience and usability. > We will use '@group' to denote a group name, as similarly done in > AcccessController. > For example, > {code} > set_auths '@group1', ['SECRET','PRIVATE'] > {code} > {code} > get_auth '@group1' > {code} > A user belonging to 'group1' will have all the visibility labels granted to > 'group1' > We'll also support super user groups as specified in hbase-site.xml. > The code update will mainly be on the server side VisibilityLabelService > implementation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)