[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Release Note:
VisibilityClient API and shell commands can be used to grant and clear
visibility authorizations of a group.
e.g.
set_auths '@group1', ['SECRET','PRIVATE']
get_auths '@group1'
clear_auths '@group1', ['SECRET','PRIVATE']
When checking visibility authorizations of a user, the server will include the
visibility authorizations of the groups of which the user is a member, together
with the user's own.
On the other hand, get_auths 'user1' will only get user1's own visibility
authorizations.
clear_auths 'user1' will only clear user1's own visibility authorizations.
The visibility authorizations of a group can be changed by invoking the API or
command on the '@group1' itself.
Note:
The following two methods have been deprecated in VisibilityLabelService from
0.98.10 and will be removed in 2.0+ releases.
getAuths(byte[], boolean)
havingSystemAuth(byte[])
Use the following methods instead:
getUserAuths(byte[], boolean)
getGroupAuths(String[], boolean)
havingSystemAuth(User)
was:
VisibilityClient API and shell commands can be used to grant and clear
visibility authorizations of a group.
e.g.
set_auths '@group1', ['SECRET','PRIVATE']
get_auths '@group1'
clear_auths '@group1', ['SECRET','PRIVATE']
When checking visibility authorizations of a user, the server will include the
visibility authorizations of the groups of which the user is a member, together
with the user's own.
On the other hand, get_auths 'user1' will only get user1's own visibility
authorizations.
clear_auths 'user1' will only clear user1's own visibility authorizations.
The visibility authorizations of a group can be changed by invoking the API or
command on the '@group1' itself.
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
> HBASE-12745-v7-0.98-with-update.patch, HBASE-12745-v7-0.98.patch,
> HBASE-12745-v7-branch1.patch, hbase-12745_branch-1-addendum.patch,
> hbase-12745_branch-1-addendum2.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Anoop Sam John updated HBASE-12745:
---
Attachment: hbase-12745_branch-1-addendum2.patch
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
> HBASE-12745-v7-0.98-with-update.patch, HBASE-12745-v7-0.98.patch,
> HBASE-12745-v7-branch1.patch, hbase-12745_branch-1-addendum.patch,
> hbase-12745_branch-1-addendum2.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Enis Soztutar updated HBASE-12745:
--
Attachment: hbase-12745_branch-1-addendum.patch
Thanks [~busbey], [~apurtell] for bringing this up. I had not noticed that the
0.98 indeed keeps the methods deprecated. We can just commit the attached
addendum to branch-1 which should be enough to keep BC between 0.98 -> 1.0 for
these methods.
It should not be a maintenance burden, since it is just two extra methods. I'll
commit this shortly unless I hear otherwise.
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
> HBASE-12745-v7-0.98-with-update.patch, HBASE-12745-v7-0.98.patch,
> HBASE-12745-v7-branch1.patch, hbase-12745_branch-1-addendum.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Release Note:
VisibilityClient API and shell commands can be used to grant and clear
visibility authorizations of a group.
e.g.
set_auths '@group1', ['SECRET','PRIVATE']
get_auths '@group1'
clear_auths '@group1', ['SECRET','PRIVATE']
When checking visibility authorizations of a user, the server will include the
visibility authorizations of the groups of which the user is a member, together
with the user's own.
On the other hand, get_auths 'user1' will only get user1's own visibility
authorizations.
clear_auths 'user1' will only clear user1's own visibility authorizations.
The visibility authorizations of a group can be changed by invoking the API or
command on the '@group1' itself.
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
> HBASE-12745-v7-0.98-with-update.patch, HBASE-12745-v7-0.98.patch,
> HBASE-12745-v7-branch1.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Anoop Sam John updated HBASE-12745:
---
Resolution: Fixed
Fix Version/s: 1.1.0
0.98.10
1.0.0
Hadoop Flags: Reviewed
Status: Resolved (was: Patch Available)
Pushed to 0.98+ branches. Thanks for the excellent work Jerry. Mind adding a
Release Note?
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
> HBASE-12745-v7-0.98-with-update.patch, HBASE-12745-v7-0.98.patch,
> HBASE-12745-v7-branch1.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-v7-0.98-with-update.patch
Attached v7-0.98-with-update.patch
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
> HBASE-12745-v7-0.98-with-update.patch, HBASE-12745-v7-0.98.patch,
> HBASE-12745-v7-branch1.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-v7-0.98.patch
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
> HBASE-12745-v7-0.98.patch, HBASE-12745-v7-branch1.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: (was: HBASE-12745-v7-0.98.patch)
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
> HBASE-12745-v7-branch1.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-v7-0.98.patch
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
> HBASE-12745-v7-0.98.patch, HBASE-12745-v7-branch1.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-v7-branch1.patch
HBASE-12745-master-v7.patch
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
> HBASE-12745-v7-branch1.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: (was: HBASE-12745-master-v7.patch)
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: (was: HBASE-12745-branch-1-v7.patch)
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-branch-1-v7.patch
HBASE-12745-master-v7.patch
Thanks, folks!
Attached v7 that does what Anoop suggested in the his comment.
Also for branch-1. @Category(SecurityTests.class) is not in brannch-1, and has
to be removed in the new test case.
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-branch-1-v7.patch,
> HBASE-12745-master-v1.patch, HBASE-12745-master-v2.patch,
> HBASE-12745-master-v3.patch, HBASE-12745-master-v4.patch,
> HBASE-12745-master-v5.patch, HBASE-12745-master-v6.patch,
> HBASE-12745-master-v7.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-master-v6.patch
V6 -- A minor update based on suggestion from Anoop.
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch,
> HBASE-12745-master-v6.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-master-v5.patch
I just realized the use of deprecaded HTable constructor had been cleaned in
the test cases.
Trivial update in v5 patch that removed use of HTable constructor in the new
test case.
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-master-v4.patch
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: (was: HBASE-12745-master-v4.patch)
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-master-v4.patch
Attached master-v4 to address Anoop's comment.
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
> HBASE-12745-master-v4.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-master-v3.patch
Attached master-v3 that addressed the long lines.
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch,
> HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-master-v2.patch
Attached v2 patch:
Addressed comments from the review board;
Minor misc enhancements.
Enhanced the new test cases.
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch, HBASE-12745-master-v2.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Fix Version/s: 2.0.0
Status: Patch Available (was: Open)
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 0.99.2, 0.98.9, 1.0.0
>Reporter: Jerry He
>Assignee: Jerry He
> Fix For: 2.0.0
>
> Attachments: HBASE-12745-master-v1.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Attachment: HBASE-12745-master-v1.patch
Attached v1 patch.
A brief explanation of the design:
1) The group's visibility labels are persisted in the label table the same way
as users. The entry key is '@group_name'
2) The group entries are dynamically interpreted and and kept in cash.
3) All server side visibility labels get and check will apply to both user and
the groups that the user belongs to.
4) But client side get_auths call will only get the result explicit for that
user only or for that group (if parameter is @group) only.
5) Client side clear_auths call can only clear explicit for that user without
expansion to implicit group rights.
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
> Attachments: HBASE-12745-master-v1.patch
>
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
[
https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry He updated HBASE-12745:
-
Summary: Visibility Labels: support visibility labels for user groups.
(was: Visibility Labels: Support user groups visibility labels.)
> Visibility Labels: support visibility labels for user groups.
> --
>
> Key: HBASE-12745
> URL: https://issues.apache.org/jira/browse/HBASE-12745
> Project: HBase
> Issue Type: Improvement
> Components: security
>Affects Versions: 1.0.0, 0.98.9, 0.99.2
>Reporter: Jerry He
>Assignee: Jerry He
>
> The thinking is that we should support visibility labels to be associated
> with user groups.
> We will then be able grant visibility labels to a group in addition to
> individual users, which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in
> AcccessController.
> For example,
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to
> 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
