You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2010/02/24 07:39:27 UTC

[jira] Updated: (HBASE-2257) [stargate] multiuser mode

     [ https://issues.apache.org/jira/browse/HBASE-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Purtell updated HBASE-2257:
----------------------------------

    Attachment: HBASE-2257.patch

Attached patch provides an alternate operating mode, which can be optionally enabled, that provides some simple user isolation. When enabled, access tokens must be added as the first element to the path. 

An access token is a 32 character hexadecimal string. They can be generated using any method but typically one would use MD5 to hash the username with salt. 

For example, where before a value may be accessed as:

{{/someTable/someRow/someColumn:qualifier}}

with multiuser mode enabled, it would be:

{{/d41d8cd98f00b204e9800998ecf8427e/someTable/someRow/someColumn:qualifier}}

Access tokens map to user accounts. This mapping is done by pluggable _authenticators_. Three authenticators are provided which support defining user accounts via 1) hbase-site.xml, 2) entries in a HBase table, or 3) entries in any data source with a JDBC driver, respectively. User accounts can have administrative privilege. They can also be temporarily disabled. 

If a user account has administrative privilege, table names given in the path are not modified. 

If a user account does not have administrative privilege, the typical case, then table names given in the path or in submitted data is transparently rewritten from {{<table>}} to {{<user-name> + "." + <table>}}, and vice versa. In this way each user has the illusion of a private namespace and one user cannot access the tables of another. 

> [stargate] multiuser mode
> -------------------------
>
>                 Key: HBASE-2257
>                 URL: https://issues.apache.org/jira/browse/HBASE-2257
>             Project: Hadoop HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>             Fix For: 0.20.4
>
>         Attachments: HBASE-2257.patch
>
>
> Support an optional operating mode with simple user isolation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.