[jira] [Comment Edited] (HAWQ-256) Integrate Security with Apache Ranger

Hubert Zhang (JIRA) Fri, 12 Aug 2016 02:49:55 -0700

    [ 
https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15418598#comment-15418598
 ]


Hubert Zhang edited comment on HAWQ-256 at 8/12/16 9:48 AM:
------------------------------------------------------------

[~bosco] [~vineetgoel] [~lilima][~wlin]
We revisited the HAWQ aclcheck related code, and found that in HAWQ support 
default acl check. When there is no acl information stored in an 
object(database, table...) catalog, different objects will have different 
default behaviours to do acl check.
But in our original REST-API design, the checkPrivileges API return bool(allow 
or deny) which lacks a state of unknown to do default acl check. Here 'unknown' 
means there is no record in ranger about this request.
So we propose two ways to handle this issue.
1 Set the type of return value of checkPrivileges to integer, 0 for deny, 1 for 
allow, 2 for unknown
2 Add another REST-API, isPrivilegeExist().

Any suggestion for which solution is better ?


was (Author: hubertzhang):
[~bosco] [~vineetgoel] [~lilima][~wlin]
We revisited the HAWQ aclcheck related code, and found that in HAWQ support 
default ack check. When there is no acl information stored in an 
object(database, table...) catalog, different objects will have different 
default behaviours to do acl check.
But in our original REST-API design, the checkPrivileges API return bool(allow 
or deny) which lacks a state of unknown to do default acl check. Here 'unknown' 
means there is no record in ranger about this request.
So we propose two ways to handle this issue.
1 Set the type of return value of checkPrivileges to integer, 0 for deny, 1 for 
allow, 2 for unknown
2 Add another REST-API, isPrivilegeExist().

Any suggestion for which solution is better ?

> Integrate Security with Apache Ranger
> -------------------------------------
>
>                 Key: HAWQ-256
>                 URL: https://issues.apache.org/jira/browse/HAWQ-256
>             Project: Apache HAWQ
>          Issue Type: New Feature
>          Components: PXF, Security
>            Reporter: Michael Andre Pearce (IG)
>            Assignee: Lili Ma
>             Fix For: backlog
>
>         Attachments: HAWQRangerSupportDesign.pdf
>
>
> Integrate security with Apache Ranger for a unified Hadoop security solution. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Comment Edited] (HAWQ-256) Integrate Security with Apache Ranger

Reply via email to