Jerry Chen created HADOOP-11335:
-----------------------------------
Summary: KMS ACL in meta data or database
Key: HADOOP-11335
URL: https://issues.apache.org/jira/browse/HADOOP-11335
Project: Hadoop Common
Issue Type: Improvement
Components: kms
Affects Versions: trunk-win
Reporter: Jerry Chen
Currently Hadoop KMS has implemented ACL for keys and the per key ACL are
stored in the configuration file kms-acls.xml.
The management of ACL in configuration file would not be easy in enterprise
usage and it is put difficulties for backup and recovery.
It is ideal to store the ACL for keys in the key meta data similar to what file
system ACL does. In this way, the backup and recovery that works on keys
should work for ACL for keys too.
On the other hand, with the ACL in meta data, the ACL of each key can be easily
manipulate with API or command line tool and take effect instantly. This is
very important for enterprise level access control management. This feature
can be addressed by separate JIRA. While with the configuration file, these
would be hard to provide.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
