ranger-dev mailing list archives

From "Bosco (Jira)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-924) Support Authorization and Auditing for Zookeeper
Date Wed, 02 Oct 2019 22:53:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-924?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943216#comment-16943216 ]

Bosco commented on RANGER-924:
------------------------------

Hi [~andorm] thanks for your interest in contributing. 

Ranger uses the plugin architecture. If you are able to call the Ranger plugin at a point where
the authorization can be called, then the Ranger infrastructure will take care of it from there. Generally
we ask the component to create an interface for their authorization implementation and make
the implementation configurable. In this way, the existing functionality will work and anyone
who wants Ranger can change the configuration to use the Ranger implementation.

Regarding Audit, Ranger takes care of it as part of its audit framework. It has an inbuilt summary
concept which scales to the performance requirements for Kafka and HBase. So I feel we should
be okay here.

Regarding Authentication, since Zookeeper uses Kerberos, I feel we should be okay. Ranger
comes post authentication/connection anyway. We can discuss this in more detail if needed.

If you have a Ranger Service def in mind, we can start from there. I feel, it will follow
"File" like permission. Folders/Files with read/write/delete permissions.

Happy to help anywhere I can.

Thanks




> Support Authorization and Auditing for Zookeeper
> ------------------------------------------------
>
>                 Key: RANGER-924
>                 URL: https://issues.apache.org/jira/browse/RANGER-924
>             Project: Ranger
>          Issue Type: Improvement
>            Reporter: Bosco
>            Priority: Major
>
> Most of the Hadoop components are storing their states in Zookeeper. And some products
> (Kafka and Solr) are even storing security policies in Zookeeper.
> Since there is no human interaction with Zookeeper, very often, setting up access controls
> to Zookeeper is ignored. However, it is very critical to ensure that proper authorization
> controls are set up for Zookeeper and all access is audited.
> It would be good if someone familiar with Zookeeper can work on a Ranger plugin for Zookeeper.
> Or help the Ranger team to come up with the integration design.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
