[
https://issues.apache.org/jira/browse/FALCON-464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14090595#comment-14090595
]
Shwetha G S commented on FALCON-464:
------------------------------------
+ if (isAuthorizationEnabled) {
+ LOG.info("Authorizing user={} against resource={}, action={},
entity name={}, "
+ + "entity type={}", CurrentUser.getUser(), resource, action,
entityName, entityType);
+ authorizationProvider.authorizeResource(resource, action,
+ entityType, entityName, CurrentUser.getProxyUgi());
+ }
Should we skip this for GET APIs. Since there is no read/write control as such,
we should atleast allow everyone to view the instance/entity status
> Enforce Authorization for REST API
> ----------------------------------
>
> Key: FALCON-464
> URL: https://issues.apache.org/jira/browse/FALCON-464
> Project: Falcon
> Issue Type: Sub-task
> Components: process
> Affects Versions: 0.6
> Reporter: Venkatesh Seetharam
> Assignee: Venkatesh Seetharam
> Labels: authorization, security
> Fix For: 0.6
>
> Attachments: FALCON-464-review.patch, FALCON-464.patch
>
>
> Only owner of entities can execute CRUD but no one else.
> Cluster and Feed entities are world-readable by default. Process entity can
> only be read by the owner and group.
> Input feeds must be readable and output feeds be writable by the process
> owner?
--
This message was sent by Atlassian JIRA
(v6.2#6252)
