Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-6222 Add per-KeyValue Security
  3. HBASE-7663

[Per-KV security] Visibility labels

          Details

          • Type: Sub-task
          • Status: Closed
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: 0.98.0
          • Fix Version/s: 0.98.0
          • Component/s: Coprocessors, security
          • Labels:
            None
          • Hadoop Flags:
            Reviewed
          • Release Note:
            Hide
            VisibilityController CP handles the visibility
            The visibility labels are stored as tags with KVs
            Use Mutation#setCellVisibility(new CellVisibility(<labelExp>)); to add visibility expressions to cells
            The label expression can contain visibility labels joined with logical expressions &, | and !. Also using (, ) one can specify the precedence order
            Eg : SECRET & CONFIDENTIAL & !PUBLIC
            Please note that passing CellVisibility in a Delete mutation is illegal.

            During read, (Scan/Get) one can specify labels associated with that, in Authorizations
            scan.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));


            Visibility Label admin operations
            ----------------------------------------
            Labels can be added to the system using VisibilityClient#addLabels(). Also can use add_labels shell command
            Only super user (hbase.superuse) have permission to add the labels into the system.
            A set of labels can be associated for a user using setAuths. VisibilityClient#setAuths()
            Similarly labels can be removed from user auths using clearAuths.
            getAuths API can be used to view user auths.
            Also there is support for set_auths, clear_auths and get_auths shell commands
            Same way as in addLabels, only super user have permission for these operations.
            When AccessController is ON the permission checks are handled by AC.
            Using AC along with Visibility is optional. When AC is not available, permission checks are done at VisibilityController level itself.
            Show
            VisibilityController CP handles the visibility The visibility labels are stored as tags with KVs Use Mutation#setCellVisibility(new CellVisibility(<labelExp>)); to add visibility expressions to cells The label expression can contain visibility labels joined with logical expressions &, | and !. Also using (, ) one can specify the precedence order Eg : SECRET & CONFIDENTIAL & !PUBLIC Please note that passing CellVisibility in a Delete mutation is illegal. During read, (Scan/Get) one can specify labels associated with that, in Authorizations scan.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); Visibility Label admin operations ---------------------------------------- Labels can be added to the system using VisibilityClient#addLabels(). Also can use add_labels shell command Only super user (hbase.superuse) have permission to add the labels into the system. A set of labels can be associated for a user using setAuths. VisibilityClient#setAuths() Similarly labels can be removed from user auths using clearAuths. getAuths API can be used to view user auths. Also there is support for set_auths, clear_auths and get_auths shell commands Same way as in addLabels, only super user have permission for these operations. When AccessController is ON the permission checks are handled by AC. Using AC along with Visibility is optional. When AC is not available, permission checks are done at VisibilityController level itself.

            Description

            Implement Accumulo-style visibility labels. Consider the following design principles:

            • Coprocessor based implementation
            • Minimal to no changes to core code
            • Use KeyValue tags (HBASE-7448) to carry labels
            • Use OperationWithAttributes# {get,set}

              Attribute for handling visibility labels in the API

            • Implement a new filter for evaluating visibility labels as KVs are streamed through.

            This approach would be consistent in deployment and API details with other per-KV security work, supporting environments where they might be both be employed, even stacked on some tables.

            See the parent issue for more discussion.

              Attachments

              1. HBASE-7663.patch
                383 kB
                Anoop Sam John
              2. HBASE-7663_V9.patch
                535 kB
                Anoop Sam John
              3. HBASE-7663_V8.patch
                534 kB
                Anoop Sam John
              4. HBASE-7663_V7.patch
                536 kB
                Anoop Sam John
              5. HBASE-7663_V6.patch
                536 kB
                Anoop Sam John
              6. HBASE-7663_V5.patch
                550 kB
                Anoop Sam John
              7. HBASE-7663_V4.patch
                549 kB
                Anoop Sam John
              8. HBASE-7663_V3.patch
                605 kB
                Anoop Sam John
              9. HBASE-7663_V2.patch
                560 kB
                Anoop Sam John
              10. HBASE-7663_V10.patch
                535 kB
                Anoop Sam John

                Issue Links

                depends upon

                Bug - A problem which impairs or prevents the functions of the product. HBASE-9962 Improve tag iteration

                • Major - Major loss of function.
                • Closed
                is depended upon by

                Improvement - An improvement or enhancement to an existing feature or task. HBASE-9884 Add Thrift and REST support for Visibility Labels

                • Major - Major loss of function.
                • Closed
                is related to

                Task - A task that needs to be done. HBASE-7254 Refactor AccessController ZK-mediated permissions cache into a generic mechanism

                • Major - Major loss of function.
                • Resolved
                relates to

                Bug - A problem which impairs or prevents the functions of the product. HBASE-12346 Scan's default auths behavior under Visibility labels

                • Major - Major loss of function.
                • Closed

                Improvement - An improvement or enhancement to an existing feature or task. HBASE-9832 Add MR support for Visibility labels

                • Major - Major loss of function.
                • Closed

                Improvement - An improvement or enhancement to an existing feature or task. HBASE-12373 Provide a command to list visibility labels

                • Minor - Minor loss of function, or other problem where easy workaround is present.
                • Closed

                Task - A task that needs to be done. HBASE-12466 Document visibility scan label generator usage and behavior

                • Major - Major loss of function.
                • Resolved

                  Activity

                    People

                    • Assignee:
                      anoop.hbase Anoop Sam John
                      Reporter:
                      apurtell Andrew Purtell
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      7 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved: