You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@nifi.apache.org by Mike Thomsen <mi...@gmail.com> on 2017/06/29 17:03:57 UTC

HBase security label support

Are there any plans for implementing HBase security labels?

Thanks,

Mike

Re: HBase security label support

Posted by Mike Thomsen <mi...@gmail.com>.

I started working on this and have PutHBaseCell, PutHBaseJSON and
FetchHBaseRow working with it. I'm following a loose convention that goes
like this:

1. Option of sane default for visibility boolean string where appropriate,
but the string is not required.
2. User defines the list of tokens that will be used for the scans and gets
so they can control how much of the acceptable range is used (this will be
customizable with EL).
3. For JSON data, attributes that follow visibility.COL_FAM.COL_QUAL =
X&(Y|Z) is how it'll let the user define different statements for each
column.
4. For records, I plan to put a record path property where a user can
specify a simple Map<String> in Avro that would provide the equivalent of
#3 for records, but would not be added to the Puts.

Our environment doesn't have Kerberos enabled. We're just using OS users
and manual set_auths to define who can see what in HBase. I don't expect
it'll make a difference to NiFi for users that have Kerberos set up
properly.

Thanks,

Mike

On Thu, Jun 29, 2017 at 1:25 PM, Bryan Bende <bb...@gmail.com> wrote:

> Mike,
>
> I don't know of any work being done or any JIRAs that exist for this,
> but seems like it would be good to support them. Most likely its just
> that no one has asked for it yet.
>
> I'd go ahead and create a JIRA, or if you were planning to incorporate
> it into the HBase record processors then that sounds good too.
>
> Thanks,
>
> Bryan
>
> On Thu, Jun 29, 2017 at 1:03 PM, Mike Thomsen <mi...@gmail.com>
> wrote:
> > Are there any plans for implementing HBase security labels?
> >
> > Thanks,
> >
> > Mike
>

Re: HBase security label support

Posted by Bryan Bende <bb...@gmail.com>.

Mike,

I don't know of any work being done or any JIRAs that exist for this,
but seems like it would be good to support them. Most likely its just
that no one has asked for it yet.

I'd go ahead and create a JIRA, or if you were planning to incorporate
it into the HBase record processors then that sounds good too.

Thanks,

Bryan

On Thu, Jun 29, 2017 at 1:03 PM, Mike Thomsen <mi...@gmail.com> wrote:
> Are there any plans for implementing HBase security labels?
>
> Thanks,
>
> Mike