Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 0.98.0
-
Component/s: security
-
Labels:
-
Hadoop Flags:Reviewed
-
Release Note:HBase super user can (any user who is having system visibility label) read back all the cells irrespective of visibility expression applied for cells.
-
Tags:visibility
Description
This issue is in lieu with HBASE-10322. In case of export tool, when the cells with visibility labels are exported using a super user we should be able to export the data. But with the current implementation, the super user would also be able to view cells that has visibility labels associated with the superuser. The idea of HBASE-10322 is to strip out tags based on user and if so this change is necessary for export tool to work with Visibility. ACL already has a concept of global admins.
Attachments
Issue Links
- is related to
-
HBASE-10322 Strip tags from KV while sending back to client on reads
-
- Closed
-