[
https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15381878#comment-15381878
]
Michael Andre Pearce (IG) edited comment on HAWQ-256 at 7/18/16 8:25 AM:
-------------------------------------------------------------------------
Hi Guys,
As original person to raise this and an end user of both systems.
We use AD/LDAP for central user creation and use role groups in AD for user
security.
Atm meant we have to manually create / sync up users with the DB (HAWQ), we end
up having to rely on third party scripts :( urghhhh.
The intent was that actually we could do away with bits like:
https://github.com/larskanis/pg-ldap-sync
We use Ranger for a central way to auth and apply policies to all components in
Hadoop and use Kerberos to auth the user.
The idea or intent in the original ticket was for the user creation and ability
to secure/control tables, schema, dbs via group policies via Ranger very much
like the way it works with Hive.
The discussion seems to be going very much away from this, as such would end up
not making this feature useful for us.
I very much side more with Don here, that integration with Ranger should be to
create a uniform user space and group policy, not have separate users and group
policy grants. (I always believed this was one of the goals of ranger)
was (Author: michael.andre.pearce):
Hi Guys,
As original person to raise this and an end user of both systems.
We use AD/LDAP for central user creation and use role groups in AD for user
security.
Atm meant we have to manually create / sync up users with the DB (HAWQ), we end
up having to rely on third party scripts :( urghhhh.
The intent was that actually we could do away with bits like:
https://github.com/larskanis/pg-ldap-sync
We use Ranger for a central way to auth and apply policies to all components in
Hadoop and use Kerberos to auth the user.
The idea or intent in the original ticket was for the user creation and ability
to secure/control tables, schema, dbs via group policies via Ranger very much
like the way it works with Hive.
The discussion seems to be going very much away from this, as such would end up
not making this feature useful for us.
> Integrate Security with Apache Ranger
> -------------------------------------
>
> Key: HAWQ-256
> URL: https://issues.apache.org/jira/browse/HAWQ-256
> Project: Apache HAWQ
> Issue Type: New Feature
> Components: PXF, Security
> Reporter: Michael Andre Pearce (IG)
> Assignee: Lili Ma
> Fix For: backlog
>
>
> Integrate security with Apache Ranger for a unified Hadoop security solution.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
