[HBASE-10863] Scan doesn't return rows for user who has authorization by visibility label in secure deployment - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.98.0
Fix Version/s: 0.98.1, 0.99.0
Component/s: security
Labels:
None

Hadoop Flags:

Reviewed

Description

In secure deployment of 0.98 tip, I did:
as user hbase:

add_labels 'A'
create 'tb', 'f1'
put 'tb', 'row', 'f1:q', 'v1', {VISIBILITY=>'A'}
set_auths 'oozie', ['A']

as user oozie:

hbase(main):001:0> scan 'tb', { AUTHORIZATIONS => ['A']}
ROW                                          COLUMN+CELL
0 row(s) in 0.1030 seconds

Here is my config:

  <property>
    <name>hfile.format.version</name>
    <value>3</value>
  </property>
  <property>
   <name>hbase.coprocessor.master.classes</name>
   <value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value>
  </property>
  <property>
   <name>hbase.coprocessor.region.classes</name>
   <value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value>
  </property>
  <property>
   <name>hbase.regionserver.scan.visibility.label.generator.class&lt;/name>
   <value>org.apache.hadoop.hbase.security.visibility.DefaultScanLabelGenerator</value>
  </property>

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

10863-v2.txt
29/Mar/14 10:12
0.9 kB
Ted Yu
10863-v1.txt
29/Mar/14 03:11
1 kB
Ted Yu

Activity

People

Assignee:: Ted Yu

Reporter:: Ted Yu

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 28/Mar/14 16:46

Updated:: 21/Feb/15 23:30

Resolved:: 29/Mar/14 13:10