Andras Piros created OOZIE-3196:
-----------------------------------
Summary: Authorization: restrict world readability by user
Key: OOZIE-3196
URL: https://issues.apache.org/jira/browse/OOZIE-3196
Project: Oozie
Issue Type: New Feature
Components: bundle, coordinator, workflow
Affects Versions: 5.0.0b1
Reporter: Andras Piros
The [*current authorization
model*|https://issues.apache.org/jira/browse/OOZIE-228] does not fit the
enterprise requirements as everything is readable and writable by everyone by
default.
Write access can be restricted using authorization but restricting read rights
is only possible via Yarn ACLs and HDFS rights which still does not prevent
accessing the workflow, coordinator or bundle job’s configurations for everyone.
Improve authorization so it’s possible to configure read/write access for
workflows, coordinators, and bundles in a more granular way. Could involve
Sentry during implementation or create and design a new system that fits the
needs.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
