[
https://issues.apache.org/jira/browse/HBASE-10863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ted Yu updated HBASE-10863:
---------------------------
Attachment: 10863-v2.txt
Patch v2 adopts review comments and was verified to work in a secure deployment.
> Scan doesn't return rows for user who has authorization by visibility label
> ---------------------------------------------------------------------------
>
> Key: HBASE-10863
> URL: https://issues.apache.org/jira/browse/HBASE-10863
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 0.98.0
> Reporter: Ted Yu
> Assignee: Ted Yu
> Fix For: 0.98.1, 0.99.0
>
> Attachments: 10863-v1.txt, 10863-v2.txt
>
>
> *In secure deployment* of 0.98 tip, I did:
> as user hbase:
> {code}
> add_labels 'A'
> create 'tb', 'f1'
> put 'tb', 'row', 'f1:q', 'v1', {VISIBILITY=>'A'}
> set_auths 'oozie', ['A']
> {code}
> as user oozie:
> {code}
> hbase(main):001:0> scan 'tb', { AUTHORIZATIONS => ['A']}
> ROW COLUMN+CELL
> 0 row(s) in 0.1030 seconds
> {code}
> Here is my config:
> {code}
> <property>
> <name>hfile.format.version</name>
> <value>3</value>
> </property>
> <property>
> <name>hbase.coprocessor.master.classes</name>
>
> <value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value>
> </property>
> <property>
> <name>hbase.coprocessor.region.classes</name>
>
> <value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value>
> </property>
> <property>
> <name>hbase.regionserver.scan.visibility.label.generator.class</name>
>
> <value>org.apache.hadoop.hbase.security.visibility.DefaultScanLabelGenerator</value>
> </property>
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
