[ https://issues.apache.org/jira/browse/HADOOP-11335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14572540#comment-14572540 ]
Dian Fu commented on HADOOP-11335:
----------------------------------

Hi [~asuresh],
As discussed offline, I have rebased the code. Many thanks for taking the time on this JIRA. Thanks a lot.

> KMS ACL in meta data or database
> --------------------------------
>
> Key: HADOOP-11335
> URL: https://issues.apache.org/jira/browse/HADOOP-11335
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Jerry Chen
> Assignee: Dian Fu
> Labels: BB2015-05-TBR, Security
> Attachments: HADOOP-11335.001.patch, HADOOP-11335.002.patch,
> HADOOP-11335.003.patch, HADOOP-11335.004.patch, HADOOP-11335.005.patch,
> HADOOP-11335.006.patch, HADOOP-11335.007.patch, HADOOP-11335.008.patch,
> HADOOP-11335.re-design.patch, KMS ACL in metadata or database.pdf
>
> Original Estimate: 504h
> Remaining Estimate: 504h
>
> Currently Hadoop KMS has implemented ACLs for keys, and the per-key ACLs are
> stored in the configuration file kms-acls.xml.
> The management of ACLs in a configuration file would not be easy in enterprise
> usage, and it creates difficulties for backup and recovery.
> It is ideal to store the ACL for keys in the key meta data, similar to what
> file system ACL does. In this way, the backup and recovery that works on
> keys should work for the ACLs for keys too.
> On the other hand, with the ACL in meta data, the ACL of each key can be
> easily manipulated with an API or command line tool and take effect instantly.
> This is very important for enterprise level access control management. This
> feature can be addressed by a separate JIRA. With the configuration file,
> however, these would be hard to provide.