[
https://issues.apache.org/jira/browse/OOZIE-3196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16424481#comment-16424481
]
Artem Ervits edited comment on OOZIE-3196 at 4/3/18 7:30 PM:
-------------------------------------------------------------
In order of priority:
1. Prevent UI access to private information
2. Prevent REST API access to private information
3. Prevent CLI access to private information
at the minimum this should be configurable at the oozie-site.xml level, when
Oozie is restarted.
was (Author: dbist13):
In order of priority:
1. Prevent UI access to private information
2. Prevent REST API access to private information
3. Prevent CLI access to private information
> Authorization: restrict world readability by user
> -------------------------------------------------
>
> Key: OOZIE-3196
> URL: https://issues.apache.org/jira/browse/OOZIE-3196
> Project: Oozie
> Issue Type: New Feature
> Components: bundle, coordinator, workflow
> Affects Versions: 5.0.0b1
> Reporter: Andras Piros
> Assignee: Peter Orova
> Priority: Major
>
> The [*current authorization
> model*|https://issues.apache.org/jira/browse/OOZIE-228] does not fit the
> enterprise requirements as everything is readable and writable by everyone by
> default.
> Write access can be restricted using authorization but restricting read
> rights is only possible via Yarn ACLs and HDFS rights which still does not
> prevent accessing the workflow, coordinator or bundle job’s configurations
> for everyone.
> Improve authorization so it’s possible to configure read/write access for
> workflows, coordinators, and bundles in a more granular way. Could involve
> Sentry during implementation or create and design a new system that fits the
> needs.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
