[HBASE-10326] Super user should be able scan all the cells irrespective of the visibility labels - ASF JIRA

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.98.0
Fix Version/s: 0.98.0, 0.99.0
Component/s: security
Labels:
- security

Hadoop Flags:

Reviewed
Release Note:
HBase super user can (any user who is having system visibility label) read back all the cells irrespective of visibility expression applied for cells.
Tags:
visibility

Description

This issue is in lieu with ~~HBASE-10322~~. In case of export tool, when the cells with visibility labels are exported using a super user we should be able to export the data. But with the current implementation, the super user would also be able to view cells that has visibility labels associated with the superuser. The idea of ~~HBASE-10322~~ is to strip out tags based on user and if so this change is necessary for export tool to work with Visibility. ACL already has a concept of global admins.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

HBASE-10326.patch
13/Jan/14 05:39
23 kB
ramkrishna.s.vasudevan
HBASE-10326_1.patch
13/Jan/14 08:51
23 kB
ramkrishna.s.vasudevan

Issue Links

is related to

HBASE-10322 Strip tags from KV while sending back to client on reads

Closed

Activity

People

Assignee:

ramkrishna.s.vasudevan

Reporter:

ramkrishna.s.vasudevan

Votes:

0 Vote for this issue

Watchers:

5 Start watching this issue

Dates

Created:

13/Jan/14 04:29

Updated:

21/Feb/15 23:33

Resolved:

13/Jan/14 17:54