[
https://issues.apache.org/jira/browse/FALCON-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14056574#comment-14056574
]
Venkatesh Seetharam commented on FALCON-400:
--------------------------------------------
* Entity Ownership
The idea here is to add ACL with owner and group for Process and Cluster
entities along with applicable validations. Feed has this already along with
permissions. Not sure permissions makes sense for Process. This captures the
user/owner for a given entity.
* Enforce Authorization based on a configuration
* Listing API filters based on ownership
REST APIs should add an implicit authenticated, logged in user as an implicit
filter.
As an optimization, Config Store can maintain a mapping from user to entity
ownership.
* How do we honor group membership? What about permissions?
* I'd like ACL to be a mandatory element but its backwards incompatible. Any
workaround for this?
Adding a version as an attribute which defaults to oldest and enforcing in code
might be one but quite cumbersome.
Thoughts?
> Add Authorization for Entities
> ------------------------------
>
> Key: FALCON-400
> URL: https://issues.apache.org/jira/browse/FALCON-400
> Project: Falcon
> Issue Type: New Feature
> Affects Versions: 0.5
> Reporter: Venkatesh Seetharam
>
> FALCON-11 addresses authentication as part of security. This should address
> authorization of entities. An entity can only be modified or deleted by the
> user who created this entity.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
