falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ajay Yadava (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-1367) Improve the ACL handling in Falcon
Date Tue, 04 Aug 2015 19:07:05 GMT

    [ https://issues.apache.org/jira/browse/FALCON-1367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14654171#comment-14654171
] 

Ajay Yadava commented on FALCON-1367:
-------------------------------------

+1. This will be very useful. 

> Improve the ACL handling in Falcon
> ----------------------------------
>
>                 Key: FALCON-1367
>                 URL: https://issues.apache.org/jira/browse/FALCON-1367
>             Project: Falcon
>          Issue Type: Bug
>            Reporter: Venkat Ranganathan
>
> Currently the ACL element is part of the entity and has the owner and group specified
in it.   The owner of the entity is used as the proxy user of the entity. 
> This seems problematic.   We don't want to embed authorization of a resource inside a
resource.    Also,  scheduling an entity by a user should be independent of the owner as whom
it runs (The proxy user work that [~sowmyaramesh] is adding a doAs capability)
> Moving it out of the entity will allow authorization managers like Apache Ranger to manage
the authorization of the entities.
> We want to 
>     # deprecate the use of ACL inside the entity by making it optional
>     # Allow the owner and group of an entity to be managed separately (either by Falcon
or controlled via a plugin by Authorization managers)
>     # Identity and fix the permission models (only superuser or owner can change permissions
etc)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message