sqoop-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Venkat Ranganathan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SQOOP-1834) SQOOP 2: RBAC pluggable framework
Date Wed, 14 Jan 2015 22:52:36 GMT

    [ https://issues.apache.org/jira/browse/SQOOP-1834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14277838#comment-14277838

Venkat Ranganathan commented on SQOOP-1834:

I went through the high level design.  It is nicely laid out and well written.   Thanks for
writing this. 

I also discussed this with the Apache Ranger ( Argus is now called Ranger) team members [~sneethiraj]
and [~bosco].   

The current plugin approach is good for Ranger integration.  

I am not clear about the APIs yet:   For example, in the following code (from the design posted)
public void createLinkPrivilige() throws SqoopAccessControlException {
    List<Principle> principles;
    principles.add(new Principle("Link", "Create"));
    principles.add(new Principle("Connector", "Use"));
I see that we are defining a resource and an action on the resource and we call that a Principal
(BTW, principle should be changed to principal in the document.  I don't think  "principle"
was not the real meaning intended here).   I thought principals would be users and groups
etc (as mentioned in the design also).   May be the API needs to be refactored?

>From the design we do allow local management of users/groups and/or roles, as well as
external management of the same.   That is good.

It looks like we are calling the rold id as -rid in some command line invocations and as role-id
in others.  May be using consistent option name would help reduce confusion.

Good work!

> SQOOP 2: RBAC pluggable framework
> ---------------------------------
>                 Key: SQOOP-1834
>                 URL: https://issues.apache.org/jira/browse/SQOOP-1834
>             Project: Sqoop
>          Issue Type: Sub-task
>            Reporter: Richard
>            Assignee: Richard
>         Attachments: SQOOP-1834.1.patch, SQOOP-1834.patch
> Role based authorization will manager the access to the resources in Sqoop, such as connections,
links, jobs, submissions, and the modification types, like create, update, delete, run.

This message was sent by Atlassian JIRA

View raw message