I have been researching how our product can use namespaces to aid in multi-tenancy support. For example, I have 3 tenants that need to be isolated from each other. Ideally, each tenant would have its own namespace and its own set of permissions applied. What I would also like to do is integrate HDFS encryption with namespaces. That is, each namespace would reside in its own encryption zone and only be accessible through each zone's encryption key.
Is this possible? From the documentation I have been reading, it is recommended that all HBase data be in a single encryption zone. So this would preclude the ability to create different zones for each namespace. If this is not possible, is there any plans to add this support in the future? If we can't use HDFS encryption zones, is there any way to isolate each tenants data through some other encryption mechanism? Regards, Roberta Marton
