hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ramkrishna vasudevan <ramkrishna.s.vasude...@gmail.com>
Subject Re: Hbase ACL
Date Tue, 03 May 2016 17:41:59 GMT
Hi Jason
Which version of HBase are you using?

Atleast in trunk I could see that 'OP_ATTRIBUTE_ACL_STRATEGY_CELL_FIRST' is
not used rather by default CHECK_CELL_DEFAULT strategy is what getting used

Ensure that 'hbase.security.authorization' is set to true in
hbase-site.xml. If you could tell the version you are using can be much
more specific.


On Tue, May 3, 2016 at 6:22 PM, Tokayer, Jason M. <
Jason.Tokayer@capitalone.com> wrote:

> I am working on Hbase ACLs in order to lock a particular cell value for
> writes by a user for an indefinite amount of time. This same user will be
> writing to Hbase during normal program execution, and he needs to be able
> to continue to write to other cells during the single cell lock period.
> I’ve been experimenting with simple authentication (i.e. No Kerberos), and
> the plan is to extend to a Kerberized cluster once I get this working.
> First, I am able to grant ‘user-X’ read and write permissions to a
> particular namespace. In this way user-X can write to any Hbase table in
> that namespace during normal execution. What I need to be able to do next
> is to set user-X’s permissions on a particular cell to read only and have
> that take precedence over the table permissions. I found a parameter in the
> codebase here
> https://github.com/apache/hbase/blob/master/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlConstants.java,
> namely OP_ATTRIBUTE_ACL_STRATEGY_CELL_FIRST, that seems to allow for this
> prioritization of cell-level over table-/column-level. But I cannot figure
> out how to set this with key OP_ATTRIBUTE_ACL_STRATEGY. Is it possible to
> set the strategy to cell-level prioritization, preferably in
> hbase-site.xml? This feature is critical to our cell-level access control.
> --
> *Warmest Regards,*
> *Jason Tokayer, PhD*
> ------------------------------
> The information contained in this e-mail is confidential and/or
> proprietary to Capital One and/or its affiliates and may only be used
> solely in performance of work or services for Capital One. The information
> transmitted herewith is intended only for use by the individual or entity
> to which it is addressed. If the reader of this message is not the intended
> recipient, you are hereby notified that any review, retransmission,
> dissemination, distribution, copying or other use of, or taking of any
> action in reliance upon this information is strictly prohibited. If you
> have received this communication in error, please contact the sender and
> delete the material from your computer.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message