[ https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15376213#comment-15376213 ]
Lili Ma commented on HAWQ-256: ------------------------------ We can extend the work from following aspects: 1. Create User Responsibility. Who is responsible for creating user? HAWQ? Ranger? Or Both? 2. Grant privilege. Who does this? HAWQ? Ranger? Or Both? 3. Authorization Part. HAWQ call Ranger REST API? What if the calling return value: true/false? If true, we can permit the user to access the object, If false, shall we check HAWQ own authorization? And what should we handle for Ranger Down case? 4. User List Register. If we have already HAWQ user list, shall we register it to Ranger? Is registering through LDAP feasible? HAWQ-LDAP-Ranger. 5. HAWQ Grant SQL function & Internal Implementation. What kind of objects(table/column?/database?) do we support, and what actions(insert/select/drop) do we support? We can do further investigation and try to find some solutions from following aspects: Other system implementation for Ranger. For example, Hive, HBase. HAWQ internal grant function implementation. > Integrate Security with Apache Ranger > ------------------------------------- > > Key: HAWQ-256 > URL: https://issues.apache.org/jira/browse/HAWQ-256 > Project: Apache HAWQ > Issue Type: Wish > Components: PXF, Security > Reporter: Michael Andre Pearce (IG) > Assignee: Lei Chang > Fix For: backlog > > > Integrate security with Apache Ranger for a unified Hadoop security solution. -- This message was sent by Atlassian JIRA (v6.3.4#6332)