Uploaded image for project: 'Phoenix'
  1. Phoenix
  2. PHOENIX-684

Add SQL-ish security features using HBase VisibilityController

    Details

    • Type: Task
    • Status: Open
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
    • old issue number:
      553

      Description

      In HBase 0.98, cell-level security will be available. See [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security) overview. Once Phoenix works on 0.96, we should add support for visibility labels to our SQL grammar.

        Activity

        Hide
        pctony Tony Stevenson added a comment -

        Comment:apurtell:11/14/13 05:17:24 PM:

        The Postgres precedent is [SECURITY LABEL](http://www.postgresql.org/docs/9.1/static/sql-security-label.html).

        As with https://github.com/forcedotcom/phoenix/issues/541, to apply labels at a per-cell granularity, we can combine a similar syntax with SELECT. Phoenix would execute the query, retrieve the cells, add the CellVisibility expression provided in the statement, and store the updated cells back at their exact coordinates. Can be done in a coprocessor or filter to avoid any round trips over the network.

        Show
        pctony Tony Stevenson added a comment - Comment:apurtell:11/14/13 05:17:24 PM: The Postgres precedent is [SECURITY LABEL] ( http://www.postgresql.org/docs/9.1/static/sql-security-label.html ). As with https://github.com/forcedotcom/phoenix/issues/541 , to apply labels at a per-cell granularity, we can combine a similar syntax with SELECT. Phoenix would execute the query, retrieve the cells, add the CellVisibility expression provided in the statement, and store the updated cells back at their exact coordinates. Can be done in a coprocessor or filter to avoid any round trips over the network.
        Hide
        pctony Tony Stevenson added a comment -

        Comment:apurtell:11/14/13 05:20:24 PM:

        assigned

        Show
        pctony Tony Stevenson added a comment - Comment:apurtell:11/14/13 05:20:24 PM: assigned
        Hide
        apurtell Andrew Purtell added a comment -

        The above suggestion is an out of band application of security metadata. For setting security metadata per cell - if we are going to tackle that - with immediate effect we need some way in DML (UPSERT, INSERT, etc) to associate metadata with value in the value list, or applied to all results of a subselect.

        Show
        apurtell Andrew Purtell added a comment - The above suggestion is an out of band application of security metadata. For setting security metadata per cell - if we are going to tackle that - with immediate effect we need some way in DML (UPSERT, INSERT, etc) to associate metadata with value in the value list, or applied to all results of a subselect.

          People

          • Assignee:
            Unassigned
            Reporter:
            apurtell Andrew Purtell
          • Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

            • Created:
              Updated:

              Development