Details
-
Sub-task
-
Status: Closed
-
Major
-
Resolution: Fixed
-
0.98.0
-
None
-
Reviewed
-
Description
Implement Accumulo-style visibility labels. Consider the following design principles:
- Coprocessor based implementation
- Minimal to no changes to core code
- Use KeyValue tags (
HBASE-7448) to carry labels - Use OperationWithAttributes#
{get,set}
Attribute for handling visibility labels in the API
- Implement a new filter for evaluating visibility labels as KVs are streamed through.
This approach would be consistent in deployment and API details with other per-KV security work, supporting environments where they might be both be employed, even stacked on some tables.
See the parent issue for more discussion.
Attachments
Attachments
Issue Links
- depends upon
-
HBASE-9962 Improve tag iteration
- Closed
- is depended upon by
-
HBASE-9884 Add Thrift and REST support for Visibility Labels
- Closed
- is related to
-
HBASE-7254 Refactor AccessController ZK-mediated permissions cache into a generic mechanism
- Closed
- relates to
-
HBASE-12346 Scan's default auths behavior under Visibility labels
- Closed
-
HBASE-9832 Add MR support for Visibility labels
- Closed
-
HBASE-12373 Provide a command to list visibility labels
- Closed
-
HBASE-12466 Document visibility scan label generator usage and behavior
- Closed