Adar Dembo has posted comments on this change. Change subject: [docs] Add security guide ......................................................................
Patch Set 1: (4 comments) http://gerrit.cloudera.org:8080/#/c/6479/1/docs/security.adoc File docs/security.adoc: PS1, Line 80: For the most : part Is there any circumstances under which a token is NOT transparent? If no, then just remove "For the most part". Line 142: # OR, turn off the web UI entirely. Would be nice to reformat to emphasize this OR is vs. all of the --webserver settings and not just --webserver-private-key-password-cmd. PS1, Line 156: Long-lived Tokens:: Kudu clients do not yet automatically request fresh tokens : after initial token expiration, so long-lived clients in secure clusters are not : supported. Does this affect Impala? Or is the lifespan of a Kudu client scoped to an individual query? PS1, Line 166: Fine-grained Authorization:: Kudu does not have the ability to restrict access : based on operation type or target (table, column, etc). This is the first I'm seeing about authz; I take it some documentation on "coarse-grained authz" still needs to be added to this guide? -- To view, visit http://gerrit.cloudera.org:8080/6479 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Ambreen Kazi <ambreen.k...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Jean-Daniel Cryans <jdcry...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-HasComments: Yes