Affects Version/s: None
Fix Version/s: None
Today, one can put in an ACL rule where a user is not permitted to read data but can insert data (e.g. grant 'user', 'table', 'W'). However, one can not implement HBase as a "drop-box" for data where by in a secure network, one can read and write data but outside that secure network one can only write data; and I do not believe this is possible with custom access controllers, unless one "wraps" HBase; e.g. with the HBase REST server.
I propose passing the requester's host information through the HBase authentication stack so that the ACL model in HBase can work akin to the SQL semantics of user@host or user@<anywhere>.The expected impact would be to HBase private interfaces only, so far in POC'ing it seems the following would be impacted:
Access Control Classes/ACL Table Management:
Co-Processor APIs for Checking Authentication: