falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Venkatesh Seetharam (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-400) Add Authorization for Entities
Date Wed, 09 Jul 2014 18:37:05 GMT

    [ https://issues.apache.org/jira/browse/FALCON-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14056574#comment-14056574
] 

Venkatesh Seetharam commented on FALCON-400:
--------------------------------------------

* Entity Ownership
The idea here is to add ACL with owner and group for Process and Cluster entities along with
applicable validations. Feed has this already along with permissions. Not sure permissions
makes sense for Process. This captures the user/owner for a given entity.

* Enforce Authorization based on a configuration

* Listing API filters based on ownership
REST APIs should add an implicit authenticated, logged in user as an implicit filter.
As an optimization, Config Store can maintain a mapping from user to entity ownership.

* How do we honor group membership? What about permissions?

* I'd like ACL to be a mandatory element but its backwards incompatible. Any workaround for
this?
Adding a version as an attribute which defaults to oldest and enforcing in code might be one
but quite cumbersome.

Thoughts?

> Add Authorization for Entities
> ------------------------------
>
>                 Key: FALCON-400
>                 URL: https://issues.apache.org/jira/browse/FALCON-400
>             Project: Falcon
>          Issue Type: New Feature
>    Affects Versions: 0.5
>            Reporter: Venkatesh Seetharam
>
> FALCON-11 addresses authentication as part of security. This should address authorization
of entities. An entity can only be modified or deleted by the user who created this entity.




--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message