HBase 0.98 Introduces Cell-based Security

| by Rags Srinivas Follow 11 Followers on Mar 21, 2014. Estimated reading time: 1 minute |

Apache released HBase 0.98 primarily addressing convergence with Apache Accumulo via cell-based security while resolving over 230 JIRA issues. These new security features are modeled after Accumulo.

HBase and Accumulo are both Apache projects that provide a distributed data store modeled after Google’s BigTable infrastructure that run on Apache Hadoop.

A cell is the lowest addressable unit in HBase using a key. In earlier versions, cells inherited the permissions from the column family, which in turn inherited the permissions from the table.

Accumulo, which uses a similar data model, has a finer grained cell-based security model although it’s different from the conventional ACLs (Access Control Lists). The key is comprised of a label, which helps make fine-grained decisions on access to different parts of the data at the cell level. So, it’s possible to have multiple levels of information access to the same data depending on the contents of the label.

Issues HBASE-8496 and HBASE-7663 are addressed in HBase 0.98. They implement cell-based security via tags. These tags can store arbitrary Meta data, which allows extension of the ACL security model from the table to the column family to the cell. In addition, it’s possible to store visibility expressions in tags, which provide similar granularity levels for access of different pieces of information within the cell like Accumulo.

From an API perspective, a call like below would set the Access Permissions on the cell for user1.

put.setACL(“user1”, new Permission(Permission.Action.READ))


Andrew Purtell, a principal architect at Intel and a long-time contributor to HBase says, "With the release of Apache HBase 0.98, there is some security feature convergence happening here from the perspective of the end user. HBase has supported ACLs for a while. Now that we also support Accumulo-style visibility labels, we provide a superset of the features of both projects for our users." Purtell program managed the release, which was outlined in his cell-based security blog.

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you