[jira] [Commented] (RANGER-924) Support Authorization and Auditing for Zookeeper

Wed, 02 Oct 2019 15:53:22 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-924?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943216#comment-16943216
 ] 

Bosco commented on RANGER-924:
------------------------------

Hi [~andorm] thanks for your interest in contributing. 

Ranger uses the plugin architecture. If you are able to call Ranger plugin at a 
point where the authorization can be called, then Ranger infrastructure will 
take care from there. Generally we ask the component to create an interface for 
their authorization implementation and make the implementation configurable. In 
this way, the existing functionality will work and anyone who wants Ranger, 
then they can change the configuration to use Ranger implementation.

Regarding Audit, Ranger takes care of it as part of its audit framework. It has 
inbuilt summary concept which scales to the performance requirements for Kakfa 
and HBase. So I feel we should be okay here.

Regarding Authentication, since Zookeeper uses Kerberos, I feel we should be 
okay. Ranger comes post authentication/connection anyway. We can discuss this 
in more detail if needed.

If you have a Ranger Service def in mind, we can start from there. I feel, it 
will follow "File" like permission. Folders/Files with read/write/delete 
permissions.

Happy to help anywhere I can.

Thanks




> Support Authorization and Auditing for Zookeeper
> ------------------------------------------------
>
>                 Key: RANGER-924
>                 URL: https://issues.apache.org/jira/browse/RANGER-924
>             Project: Ranger
>          Issue Type: Improvement
>            Reporter: Bosco
>            Priority: Major
>
> Most of the Hadoop components are storing their states in Zookeeper. And some 
> products (Kafka and Solr) are even storing security policies in Zookeeper.
> Since there are no human interaction with Zookeeper, very often, setting up 
> access controls to Zookeeper are ignored. However, it is very critical to 
> ensure that proper authorization controls are setup for Zookeeper and all 
> access are audited.
> If would be good if some familiar with Zookeeper can work on a Ranger plugin 
> for Zookeeper. Or help the Ranger team to come with the integration design.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to