[
https://issues.apache.org/jira/browse/FALCON-1367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Venkat Ranganathan updated FALCON-1367:
---------------------------------------
Summary: Improve the ACL handling in Falcon (was: Fix the ACL handling in
Falcon)
> Improve the ACL handling in Falcon
> ----------------------------------
>
> Key: FALCON-1367
> URL: https://issues.apache.org/jira/browse/FALCON-1367
> Project: Falcon
> Issue Type: Bug
> Reporter: Venkat Ranganathan
>
> Currently the ACL element is part of the entity and has the owner and group
> specified in it. The owner of the entity is used as the proxy user of the
> entity.
> This seems problematic. We don't want to embed authorization of a resource
> inside a resource. Also, scheduling an entity by a user should be
> independent of the owner as whom it runs (The proxy user work that
> [~sowmyaramesh] is adding a doAs capability)
> Moving it out of the entity will allow authorization managers like Apache
> Ranger to manage the authorization of the entities.
> We want to
> # deprecate the use of ACL inside the entity by making it optional
> # Allow the owner and group of an entity to be managed separately (either
> by Falcon or controlled via a plugin by Authorization managers)
> # Identity and fix the permission models (only superuser or owner can
> change permissions etc)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
