-
Type:
Sub-task
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 0.98.0
-
Fix Version/s: 0.98.0
-
Component/s: Coprocessors, security
-
Labels:None
-
Hadoop Flags:Reviewed
-
Release Note:
Implement Accumulo-style visibility labels. Consider the following design principles:
- Coprocessor based implementation
- Minimal to no changes to core code
- Use KeyValue tags (
HBASE-7448) to carry labels - Use OperationWithAttributes#
{get,set}
Attribute for handling visibility labels in the API
- Implement a new filter for evaluating visibility labels as KVs are streamed through.
This approach would be consistent in deployment and API details with other per-KV security work, supporting environments where they might be both be employed, even stacked on some tables.
See the parent issue for more discussion.
- depends upon
-
HBASE-9962 Improve tag iteration
-
- Closed
-
- is depended upon by
-
HBASE-9884 Add Thrift and REST support for Visibility Labels
-
- Closed
-
- is related to
-
HBASE-7254 Refactor AccessController ZK-mediated permissions cache into a generic mechanism
-
- Resolved
-
- relates to
-
HBASE-12346 Scan's default auths behavior under Visibility labels
-
- Closed
-
-
HBASE-9832 Add MR support for Visibility labels
-
- Closed
-
-
HBASE-12373 Provide a command to list visibility labels
-
- Closed
-
-
HBASE-12466 Document visibility scan label generator usage and behavior
-
- Resolved
-