HBase
  1. HBase
  2. HBASE-10326

Super user should be able scan all the cells irrespective of the visibility labels

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 0.98.0
    • Fix Version/s: 0.98.0, 0.99.0
    • Component/s: security
    • Labels:
    • Hadoop Flags:
      Reviewed
    • Release Note:
      HBase super user can (any user who is having system visibility label) read back all the cells irrespective of visibility expression applied for cells.
    • Tags:
      visibility

      Description

      This issue is in lieu with HBASE-10322. In case of export tool, when the cells with visibility labels are exported using a super user we should be able to export the data. But with the current implementation, the super user would also be able to view cells that has visibility labels associated with the superuser. The idea of HBASE-10322 is to strip out tags based on user and if so this change is necessary for export tool to work with Visibility. ACL already has a concept of global admins.

      1. HBASE-10326.patch
        23 kB
        ramkrishna.s.vasudevan
      2. HBASE-10326_1.patch
        23 kB
        ramkrishna.s.vasudevan

        Issue Links

          Activity

          Enis Soztutar made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Anoop Sam John made changes -
          Release Note HBase super user can (any user who is having system visibility label) read back all the cells irrespective of visibility expression applied for cells.
          Component/s security [ 12314192 ]
          Anoop Sam John made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Hadoop Flags Reviewed [ 10343 ]
          Resolution Fixed [ 1 ]
          ramkrishna.s.vasudevan made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          ramkrishna.s.vasudevan made changes -
          Attachment HBASE-10326_1.patch [ 12622599 ]
          ramkrishna.s.vasudevan made changes -
          Status Patch Available [ 10002 ] Open [ 1 ]
          ramkrishna.s.vasudevan made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          ramkrishna.s.vasudevan made changes -
          Attachment HBASE-10326.patch [ 12622582 ]
          ramkrishna.s.vasudevan made changes -
          Field Original Value New Value
          Link This issue is related to HBASE-10322 [ HBASE-10322 ]
          ramkrishna.s.vasudevan created issue -

            People

            • Assignee:
              ramkrishna.s.vasudevan
              Reporter:
              ramkrishna.s.vasudevan
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development