[
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14045379#comment-14045379
]
Alejandro Abdelnur commented on HADOOP-10758:
---------------------------------------------
Keys when created could have a special attribute 'key.acl.id'.
The KMS, when a user requests a key, it would assert that the user has access
to it by checking the specified ACL id. For this the KMS would have hot
reloadable ACLs from a key-acls.xml file and using Hadoop {{ACL}} class would
assert access to the key.
This could be implemented as a {{KeyProvider}} proxy class and it would
leverage HADOOP-10750 & HADOOP-10757.
> KMS: add ACLs on per key basis.
> -------------------------------
>
> Key: HADOOP-10758
> URL: https://issues.apache.org/jira/browse/HADOOP-10758
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
>
> The KMS server should enforce ACLs on per key basis.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
