HBase
  1. HBase
  2. HBASE-10326

Super user should be able scan all the cells irrespective of the visibility labels

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 0.98.0
    • Fix Version/s: 0.98.0, 0.99.0
    • Component/s: security
    • Labels:
    • Hadoop Flags:
      Reviewed
    • Release Note:
      HBase super user can (any user who is having system visibility label) read back all the cells irrespective of visibility expression applied for cells.
    • Tags:
      visibility

      Description

      This issue is in lieu with HBASE-10322. In case of export tool, when the cells with visibility labels are exported using a super user we should be able to export the data. But with the current implementation, the super user would also be able to view cells that has visibility labels associated with the superuser. The idea of HBASE-10322 is to strip out tags based on user and if so this change is necessary for export tool to work with Visibility. ACL already has a concept of global admins.

      1. HBASE-10326_1.patch
        23 kB
        ramkrishna.s.vasudevan
      2. HBASE-10326.patch
        23 kB
        ramkrishna.s.vasudevan

        Issue Links

          Activity

            People

            • Assignee:
              ramkrishna.s.vasudevan
              Reporter:
              ramkrishna.s.vasudevan
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development