[jira] [Comment Edited] (HAWQ-256) Integrate Security with Apache Ranger

Sun, 14 Aug 2016 18:41:31 -0700 

    [ 
https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15420550#comment-15420550
 ] 

Hubert Zhang edited comment on HAWQ-256 at 8/15/16 1:40 AM:
------------------------------------------------------------

[~bosco]You suggest to replace Application(HAWQ) default ACL from application 
internal to Ranger policy too. It's another way to handle this problem. I have 
two questions:
1 Group "public" is a default internal type group in Ranger, I wonder whether 
the users synced from ldap belong to group "public" automatically?
2 Ranger 0.6 introduces deny condition,  So even if a user inherits default 
privilege from group "public", It can also be revoked with specific deny 
operation. But how about Ranger 0.5? One method is to remove the user from 
"public" group. But the limitation of this method is that we have to create 
"public" group for each resource, and assign the new users(synced from ldap) to 
these groups.




was (Author: hubertzhang):
[~bosco]You suggest to replace Application(HAWQ) default ACL from application 
internal to Ranger policy too. It's another way to handle this problem. I have 
two questions:
1 Group "public" is a default internal type group in Ranger, I wonder whether 
the users synced from ldap belong to group "public" automatically?
2 Ranger 0.6 introduces deny condition,  So even if a user inherits default 
privilege from group "public", It can also be revoked with specific deny 
operation. But how about Ranger 0.5? One method is to remove the user from 
"public" group. But the limitation of this method is that we have to create 
"public" group for each resource, and assign the new users(synced from ldap) to 
this group.



> Integrate Security with Apache Ranger
> -------------------------------------
>
>                 Key: HAWQ-256
>                 URL: https://issues.apache.org/jira/browse/HAWQ-256
>             Project: Apache HAWQ
>          Issue Type: New Feature
>          Components: PXF, Security
>            Reporter: Michael Andre Pearce (IG)
>            Assignee: Lili Ma
>             Fix For: backlog
>
>         Attachments: HAWQRangerSupportDesign.pdf
>
>
> Integrate security with Apache Ranger for a unified Hadoop security solution. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to