Details
-
Improvement
-
Status: Resolved
-
Trivial
-
Resolution: Won't Fix
-
None
-
None
-
None
Description
Today, one can put in an ACL rule where a user is not permitted to read data but can insert data (e.g. grant 'user', 'table', 'W'). However, one can not implement HBase as a "drop-box" for data where by in a secure network, one can read and write data but outside that secure network one can only write data; and I do not believe this is possible with custom access controllers, unless one "wraps" HBase; e.g. with the HBase REST server.
I have been pushing for this model (e.g. Of Data Dropboxes and Data Gloveboxes or slides) in a number of technologies for some data compartmentalization initiatives.
I propose passing the requester's host information through the HBase authentication stack so that the ACL model in HBase can work akin to the SQL semantics of user@host or user@<anywhere>.The expected impact would be to HBase private interfaces only, so far in POC'ing it seems the following would be impacted:
Access Control Classes/ACL Table Management:
- AccessControlUtil
- UserPermission
- AccessChecker
- AccessControlFilter
- AccessController
- AuthResult
- TableAuthManager
- AccessControl.proto
Co-Processor APIs for Checking Authentication:
- CoprocessorHost
- ObserverContext
- ObserverContextImpl
- RSRpcServices
- RSGroupAdminEndpoint