falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Venkat Ranganathan (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (FALCON-1367) Improve the ACL handling in Falcon
Date Tue, 04 Aug 2015 14:40:04 GMT

     [ https://issues.apache.org/jira/browse/FALCON-1367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Venkat Ranganathan updated FALCON-1367:
    Summary: Improve the ACL handling in Falcon  (was: Fix the ACL handling in Falcon)

> Improve the ACL handling in Falcon
> ----------------------------------
>                 Key: FALCON-1367
>                 URL: https://issues.apache.org/jira/browse/FALCON-1367
>             Project: Falcon
>          Issue Type: Bug
>            Reporter: Venkat Ranganathan
> Currently the ACL element is part of the entity and has the owner and group specified
in it.   The owner of the entity is used as the proxy user of the entity. 
> This seems problematic.   We don't want to embed authorization of a resource inside a
resource.    Also,  scheduling an entity by a user should be independent of the owner as whom
it runs (The proxy user work that [~sowmyaramesh] is adding a doAs capability)
> Moving it out of the entity will allow authorization managers like Apache Ranger to manage
the authorization of the entities.
> We want to 
>     # deprecate the use of ACL inside the entity by making it optional
>     # Allow the owner and group of an entity to be managed separately (either by Falcon
or controlled via a plugin by Authorization managers)
>     # Identity and fix the permission models (only superuser or owner can change permissions

This message was sent by Atlassian JIRA

View raw message