sqoop-dev mailing list archives

From "Venkat Ranganathan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SQOOP-1834) SQOOP 2: RBAC pluggable framework
Date Wed, 14 Jan 2015 22:52:36 GMT

    [ https://issues.apache.org/jira/browse/SQOOP-1834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14277838#comment-14277838 ]

Venkat Ranganathan commented on SQOOP-1834:
-------------------------------------------

I went through the high level design.  It is nicely laid out and well written.   Thanks for
writing this. 

I also discussed this with the Apache Ranger (Argus is now called Ranger) team members [~sneethiraj]
and [~bosco].

The current plugin approach is good for Ranger integration.  

I am not clear about the APIs yet:   For example, in the following code (from the design posted)
{code}
@Override
public void createLinkPrivilige() throws SqoopAccessControlException {
    // Each entry pairs a resource type with an action on that resource.
    List<Principle> principles = new ArrayList<Principle>();
    principles.add(new Principle("Link", "Create"));
    principles.add(new Principle("Connector", "Use"));
    AuthorizationManager.getAuthenticationHandler().checkPrivileges(principles);
}
{code}
I see that we are defining a resource and an action on the resource and we call that a Principal
(BTW, principle should be changed to principal in the document.  I don't think "principle"
was the real meaning intended here).   I thought principals would be users and groups
etc. (as mentioned in the design also).   Maybe the API needs to be refactored?

From the design we do allow local management of users/groups and/or roles, as well as
external management of the same.   That is good.

It looks like we are calling the role id -rid in some command line invocations and
role-id in others.  Maybe using a consistent option name would help reduce confusion.

Good work!

> SQOOP 2: RBAC pluggable framework
> ---------------------------------
>
>                 Key: SQOOP-1834
>                 URL: https://issues.apache.org/jira/browse/SQOOP-1834
>             Project: Sqoop
>          Issue Type: Sub-task
>            Reporter: Richard
>            Assignee: Richard
>         Attachments: SQOOP-1834.1.patch, SQOOP-1834.patch
>
>
> Role based authorization will manage the access to the resources in Sqoop, such as connections,
> links, jobs, submissions, and the modification types, like create, update, delete, run.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
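
The distinction raised in the comment above, sketched as an added example (not code from the design document or from Sqoop): principals are users and groups, while a resource/action pair is a privilege that a role grants. Every class, method, role and user name here is hypothetical or constructed for illustration.

```java
import java.util.*;

// Hypothetical names throughout; this is not Sqoop's authorization API.
public class RbacSketch {
    enum PrincipalType { USER, GROUP }
    record Principal(PrincipalType type, String name) {}   // who is asking
    record Privilege(String resourceType, String action) {} // what is asked for

    static class AccessDenied extends Exception {
        AccessDenied(String msg) { super(msg); }
    }

    // role name -> privileges granted to that role
    private final Map<String, Set<Privilege>> grants = new HashMap<>();
    // user or group -> roles assigned to it
    private final Map<Principal, Set<String>> assignments = new HashMap<>();

    void grant(String role, Privilege p) {
        grants.computeIfAbsent(role, r -> new HashSet<>()).add(p);
    }

    void assign(Principal who, String role) {
        assignments.computeIfAbsent(who, w -> new HashSet<>()).add(role);
    }

    // Deny by default: every requested privilege must be held through a role
    // assigned to one of the caller's principals (the user or any of its groups).
    void checkPrivileges(List<Principal> callers, List<Privilege> needed) throws AccessDenied {
        Set<Privilege> held = new HashSet<>();
        for (Principal c : callers)
            for (String role : assignments.getOrDefault(c, Set.of()))
                held.addAll(grants.getOrDefault(role, Set.of()));
        for (Privilege p : needed)
            if (!held.contains(p)) throw new AccessDenied(callers + " lacks " + p);
    }

    public static void main(String[] args) throws Exception {
        RbacSketch rbac = new RbacSketch();
        Principal alice = new Principal(PrincipalType.USER, "alice"); // constructed sample data
        Privilege createLink = new Privilege("Link", "Create");
        Privilege useConnector = new Privilege("Connector", "Use");
        rbac.grant("etl-admin", createLink);
        rbac.assign(alice, "etl-admin");
        rbac.checkPrivileges(List.of(alice), List.of(createLink)); // allowed, returns normally
        try {
            rbac.checkPrivileges(List.of(alice), List.of(createLink, useConnector));
        } catch (AccessDenied e) {
            System.out.println("denied: " + e.getMessage()); // Connector/Use was never granted
        }
    }
}
```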
