[ https://issues.apache.org/jira/browse/HBASE-13283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14370883#comment-14370883 ]
Srikanth Srungarapu commented on HBASE-13283: --------------------------------------------- [~apurtell] You might have used wrong jira number while making the commit. The commit(38286ec3a0d39f4a14777a81a99024bc8266c8d7) has the following changes {code} +Groups can be granted visibility labels the same way as users. Groups are prefixed with an @ symbol. When checking visibility labels of a user, the server wi +When the visibility labels are retrieved using API `VisibilityClient#getAuths` or Shell command `get_auths` for a user, we will return labels added specifica + Visibility label access checking is performed by the VisibilityController coprocessor. You can use interface `VisibilityLabelService` to provide a custom implementation and/or control the way that visibility labels are stored with cells. See the source file _hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithCustomVisLabService.java_ for one @@ -1171,12 +1174,16 @@ hbase> set_auths 'service', [ 'service' ] ---- ---- -gbase> set_auths 'testuser', [ 'test' ] +hbase> set_auths 'testuser', [ 'test' ] ---- ---- hbase> set_auths 'qa', [ 'test', 'developer' ] ---- + +---- +hbase> set_auths '@qagroup', [ 'test' ] +---- ==== + .Java API @@ -1213,6 +1220,10 @@ hbase> clear_auths 'testuser', [ 'test' ] ---- hbase> clear_auths 'qa', [ 'test', 'developer' ] ---- + +---- +hbase> clear_auths '@qagroup', [ 'test', 'developer' ] +---- {code} > Document the steps for rolling back the security on hbase. > ---------------------------------------------------------- > > Key: HBASE-13283 > URL: https://issues.apache.org/jira/browse/HBASE-13283 > Project: HBase > Issue Type: Sub-task > Reporter: Srikanth Srungarapu > Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.12 > > > Would be great to document the steps the user should follow to rollback the > security. The following are > * shutdown hbase > * run hbase clean up script with --cleanAcls introduced in HBASE-13162. > * remove from the hbase-site.xml conf > {code} > hbase.security.authentication > hbase.regionserver.kerberos.principal > hbase.regionserver.keytab.file > hbase.master.kerberos.principal > hbase.master.keytab.file > {code} > * Removing AccessController coprocessors from hbase-site.xml > * Address "hbase.security.authorization" based on outcome of HBASE-13275. > cc: [~misty] -- This message was sent by Atlassian JIRA (v6.3.4#6332)