[
https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15376213#comment-15376213
]
Lili Ma commented on HAWQ-256:
------------------------------
We can extend the work from following aspects:
1. Create User Responsibility. Who is responsible for creating user? HAWQ?
Ranger? Or Both?
2. Grant privilege. Who does this? HAWQ? Ranger? Or Both?
3. Authorization Part. HAWQ call Ranger REST API? What if the calling return
value: true/false? If true, we can permit the user to access the object, If
false, shall we check HAWQ own authorization? And what should we handle for
Ranger Down case?
4. User List Register. If we have already HAWQ user list, shall we register it
to Ranger? Is registering through LDAP feasible? HAWQ-LDAP-Ranger.
5. HAWQ Grant SQL function & Internal Implementation. What kind of
objects(table/column?/database?) do we support, and what
actions(insert/select/drop) do we support?
We can do further investigation and try to find some solutions from following
aspects:
Other system implementation for Ranger. For example, Hive, HBase.
HAWQ internal grant function implementation.
> Integrate Security with Apache Ranger
> -------------------------------------
>
> Key: HAWQ-256
> URL: https://issues.apache.org/jira/browse/HAWQ-256
> Project: Apache HAWQ
> Issue Type: Wish
> Components: PXF, Security
> Reporter: Michael Andre Pearce (IG)
> Assignee: Lei Chang
> Fix For: backlog
>
>
> Integrate security with Apache Ranger for a unified Hadoop security solution.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
