You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Ted Yu (JIRA)" <ji...@apache.org> on 2014/03/28 17:48:37 UTC
[jira] [Updated] (HBASE-10863) Scan doesn't return rows for user
who has authorization by visibility label
[ https://issues.apache.org/jira/browse/HBASE-10863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Yu updated HBASE-10863:
---------------------------
Description:
In secure deployment of 0.98 tip, I did:
as user hbase:
{code}
add_labels 'A'
create 'tb', 'f1'
put 'tb', 'row', 'f1:q', 'v1', {VISIBILITY=>'A'}
set_auths 'oozie', ['A']
{code}
as user oozie:
{code}
hbase(main):001:0> scan 'tb', { AUTHORIZATIONS => ['A']}
ROW COLUMN+CELL
0 row(s) in 0.1030 seconds
{code}
Here is my config:
{code}
<property>
<name>hfile.format.version</name>
<value>3</value>
</property>
<property>
<name>hbase.coprocessor.master.classes</name>
<value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value>
</property>
<property>
<name>hbase.coprocessor.region.classes</name>
<value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value>
</property>
<property>
<name>hbase.regionserver.scan.visibility.label.generator.class</name>
<value>org.apache.hadoop.hbase.security.visibility.DefaultScanLabelGenerator</value>
</property>
{code}
was:
In secure deployment of 0.98 tip, I did:
as user hbase:
{code}
add_labels 'A'
create 'tb', 'f1'
put 'tb', 'row', 'f1:q', 'v1', {VISIBILITY=>'A'}
set_auths 'oozie', ['A']
{code}
as user oozie:
{code}
hbase(main):001:0> scan 'tb'
ROW COLUMN+CELL
0 row(s) in 0.1030 seconds
{code}
Here is my config:
{code}
<property>
<name>hfile.format.version</name>
<value>3</value>
</property>
<property>
<name>hbase.coprocessor.master.classes</name>
<value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value>
</property>
<property>
<name>hbase.coprocessor.region.classes</name>
<value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value>
</property>
<property>
<name>hbase.regionserver.scan.visibility.label.generator.class</name>
<value>org.apache.hadoop.hbase.security.visibility.DefaultScanLabelGenerator</value>
</property>
{code}
> Scan doesn't return rows for user who has authorization by visibility label
> ---------------------------------------------------------------------------
>
> Key: HBASE-10863
> URL: https://issues.apache.org/jira/browse/HBASE-10863
> Project: HBase
> Issue Type: Bug
> Affects Versions: 0.98.1
> Reporter: Ted Yu
>
> In secure deployment of 0.98 tip, I did:
> as user hbase:
> {code}
> add_labels 'A'
> create 'tb', 'f1'
> put 'tb', 'row', 'f1:q', 'v1', {VISIBILITY=>'A'}
> set_auths 'oozie', ['A']
> {code}
> as user oozie:
> {code}
> hbase(main):001:0> scan 'tb', { AUTHORIZATIONS => ['A']}
> ROW COLUMN+CELL
> 0 row(s) in 0.1030 seconds
> {code}
> Here is my config:
> {code}
> <property>
> <name>hfile.format.version</name>
> <value>3</value>
> </property>
> <property>
> <name>hbase.coprocessor.master.classes</name>
> <value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value>
> </property>
> <property>
> <name>hbase.coprocessor.region.classes</name>
> <value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value>
> </property>
> <property>
> <name>hbase.regionserver.scan.visibility.label.generator.class</name>
> <value>org.apache.hadoop.hbase.security.visibility.DefaultScanLabelGenerator</value>
> </property>
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)