BT

HBase 0.98 Introduces Cell-based Security

by Rags Srinivas on Mar 21, 2014 |

Apache released HBase 0.98 primarily addressing convergence with Apache Accumulo via cell-based security while resolving over 230 JIRA issues. These new security features are modeled after Accumulo.

HBase and Accumulo are both Apache projects that provide a distributed data store modeled after Google’s BigTable infrastructure that run on Apache Hadoop.

A cell is the lowest addressable unit in HBase using a key. In earlier versions, cells inherited the permissions from the column family, which in turn inherited the permissions from the table.

Accumulo, which uses a similar data model, has a finer grained cell-based security model although it’s different from the conventional ACLs (Access Control Lists). The key is comprised of a label, which helps make fine-grained decisions on access to different parts of the data at the cell level. So, it’s possible to have multiple levels of information access to the same data depending on the contents of the label.

Issues HBASE-8496 and HBASE-7663 are addressed in HBase 0.98. They implement cell-based security via tags. These tags can store arbitrary Meta data, which allows extension of the ACL security model from the table to the column family to the cell. In addition, it’s possible to store visibility expressions in tags, which provide similar granularity levels for access of different pieces of information within the cell like Accumulo.

From an API perspective, a call like below would set the Access Permissions on the cell for user1.

put.setACL(“user1”, new Permission(Permission.Action.READ))

 

Andrew Purtell, a principal architect at Intel and a long-time contributor to HBase says, "With the release of Apache HBase 0.98, there is some security feature convergence happening here from the perspective of the end user. HBase has supported ACLs for a while. Now that we also support Accumulo-style visibility labels, we provide a superset of the features of both projects for our users." Purtell program managed the release, which was outlined in his cell-based security blog.

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Educational Content

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT