[jira] [Commented] (HDFS-6826) Plugin interface to enable delegation of HDFS authorization assertions

Mon, 11 Aug 2014 10:50:37 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-6826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14093045#comment-14093045
 ] 

Daryn Sharp commented on HDFS-6826:
-----------------------------------

I understand the motivation but there has to be a better approach.  Isn't this 
akin to a nfs server or ext4 basing its permission model on a mysql query to 
access raw mysql files?

Every external dependency introduces latency and additional HA concerns.  Tying 
up handlers, whether or not the fsn lock is held, during an operation is very 
dangerous and unacceptable for the reasons I originally cited.  Currently 
non-local edit logs, ex. shared nfs edit dir or journal node, are the only 
external dependency (I'm aware of).  This critical dependency is unavoidable 
for durability and consistency.

However, if an external service exposing data entities in hdfs uses a 
supplemental authz scheme, it should be its responsibility to arbitrate access 
if fs-level permissions are insufficient.

> Plugin interface to enable delegation of HDFS authorization assertions
> ----------------------------------------------------------------------
>
>                 Key: HDFS-6826
>                 URL: https://issues.apache.org/jira/browse/HDFS-6826
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: HDFSPluggableAuthorizationProposal.pdf
>
>
> When Hbase data, HiveMetaStore data or Search data is accessed via services 
> (Hbase region servers, HiveServer2, Impala, Solr) the services can enforce 
> permissions on corresponding entities (databases, tables, views, columns, 
> search collections, documents). It is desirable, when the data is accessed 
> directly by users accessing the underlying data files (i.e. from a MapReduce 
> job), that the permission of the data files map to the permissions of the 
> corresponding data entity (i.e. table, column family or search collection).
> To enable this we need to have the necessary hooks in place in the NameNode 
> to delegate authorization to an external system that can map HDFS 
> files/directories to data entities and resolve their permissions based on the 
> data entities permissions.
> I’ll be posting a design proposal in the next few days.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to