Uploaded image for project: 'Phoenix'
  1. Phoenix
  2. PHOENIX-684

Add SQL-ish security features using HBase VisibilityController

    Details

    • Type: Task
    • Status: Reopened
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
    • old issue number:
      553

      Description

      In HBase 0.98, cell-level security will be available. See [this](https://communities.intel.com/community/datastack/blog/2013/10/29/hbase-cell-security) overview. Once Phoenix works on 0.96, we should add support for visibility labels to our SQL grammar.

        Activity

        Hide
        pctony Tony Stevenson added a comment -

        Comment:apurtell:11/14/13 05:17:24 PM:

        The Postgres precedent is [SECURITY LABEL](http://www.postgresql.org/docs/9.1/static/sql-security-label.html).

        As with https://github.com/forcedotcom/phoenix/issues/541, to apply labels at a per-cell granularity, we can combine a similar syntax with SELECT. Phoenix would execute the query, retrieve the cells, add the CellVisibility expression provided in the statement, and store the updated cells back at their exact coordinates. Can be done in a coprocessor or filter to avoid any round trips over the network.

        Show
        pctony Tony Stevenson added a comment - Comment:apurtell:11/14/13 05:17:24 PM: The Postgres precedent is [SECURITY LABEL] ( http://www.postgresql.org/docs/9.1/static/sql-security-label.html ). As with https://github.com/forcedotcom/phoenix/issues/541 , to apply labels at a per-cell granularity, we can combine a similar syntax with SELECT. Phoenix would execute the query, retrieve the cells, add the CellVisibility expression provided in the statement, and store the updated cells back at their exact coordinates. Can be done in a coprocessor or filter to avoid any round trips over the network.
        Hide
        pctony Tony Stevenson added a comment -

        Comment:apurtell:11/14/13 05:20:24 PM:

        assigned

        Show
        pctony Tony Stevenson added a comment - Comment:apurtell:11/14/13 05:20:24 PM: assigned
        Hide
        apurtell Andrew Purtell added a comment -

        The above suggestion is an out of band application of security metadata. For setting security metadata per cell - if we are going to tackle that - with immediate effect we need some way in DML (UPSERT, INSERT, etc) to associate metadata with value in the value list, or applied to all results of a subselect.

        Show
        apurtell Andrew Purtell added a comment - The above suggestion is an out of band application of security metadata. For setting security metadata per cell - if we are going to tackle that - with immediate effect we need some way in DML (UPSERT, INSERT, etc) to associate metadata with value in the value list, or applied to all results of a subselect.
        Hide
        karanmehta93 Karan Mehta added a comment -

        Dupe of PHOENIX-672?

        Show
        karanmehta93 Karan Mehta added a comment - Dupe of PHOENIX-672 ?
        Hide
        jamestaylor James Taylor added a comment -

        Duplicate of PHOENIX-672

        Show
        jamestaylor James Taylor added a comment - Duplicate of PHOENIX-672
        Hide
        tdsilva Thomas D'Silva added a comment -

        PHOENIX-672 allows you to grant/revoke permissions on globally or on namespaces or tables. I think this jira is about applying permissions at the cell level.

        Show
        tdsilva Thomas D'Silva added a comment - PHOENIX-672 allows you to grant/revoke permissions on globally or on namespaces or tables. I think this jira is about applying permissions at the cell level.
        Hide
        ram_krish ramkrishna.s.vasudevan added a comment -

        This JIRA is about cell level visibility using visibility labels. Users associated with the specific visibility labels will have the access to those cells. Those visibility expressions can be created using '&, | and !' symbols.

        Show
        ram_krish ramkrishna.s.vasudevan added a comment - This JIRA is about cell level visibility using visibility labels. Users associated with the specific visibility labels will have the access to those cells. Those visibility expressions can be created using '&, | and !' symbols.

          People

          • Assignee:
            Unassigned
            Reporter:
            apurtell Andrew Purtell
          • Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

            Dates

            • Created:
              Updated:

              Development