[
https://issues.apache.org/jira/browse/NIFI-4637?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16452104#comment-16452104
]
ASF GitHub Bot commented on NIFI-4637:
--------------------------------------
Github user bbende commented on the issue:
https://github.com/apache/nifi/pull/2518
@MikeThomsen @ijokarumawak I haven't looked at how Hbase visibility labels
work compared to Accumulo, but in Accumulo you pass in the authorizations for
an operations which are then compared against the visibility strings on each
cell. The authorizations on the operation usually come from authenticating an
end-user against LDAP and then running an operation on their behalf.
When scanning cells for the current operation, if the passed in
authorizations don't meet the visiblity string for a given cell, then it is as
if this cell doesn't exist. So if you were issuing a delete on behalf of an
end-user, I would expect they can only delete cells that are visible to them
based on their authorizations.
Curious to hear that Josh has to say.
> Add support for HBase visibility labels to HBase processors and controller
> services
> -----------------------------------------------------------------------------------
>
> Key: NIFI-4637
> URL: https://issues.apache.org/jira/browse/NIFI-4637
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Mike Thomsen
> Assignee: Mike Thomsen
> Priority: Major
>
> HBase supports visibility labels, but you can't use them from NiFi because
> there is no way to set them. The existing processors and services should be
> upgraded to handle this capability.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
