[
https://issues.apache.org/jira/browse/HDFS-6826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alejandro Abdelnur updated HDFS-6826:
-------------------------------------
Attachment: HDFS-6826v8.patch
@daryn,
Thanks for following up on this.
I really like your suggestion of using 'additional' immutable ACLs to expose
external permissions. I’ve made a version of the patch to see how it would work
(see attachment HDFS-6826v8.patch).
But I still have a couple of issues I’m not sure how to address with your
proposed approach:
*Permissions remain settable in 2 places for 'table files'*, HDFS and the
HiveMetaStore authorization source (i.e. Sentry). One of the motivations was to
have a single source of permissions for 'table files'. I can constrain this to
regular permissions (by having the plugin fully redact the ACLs), but still
I have 2 sources of authorization. Maybe being able to redact the regular
permissions as well? (though you are advocating against that).
*It is not possible to do a handover*. With the previous proposals, when a file
was added to a table, the owner of the file would become hive:hive. If the
original owner did not have GRANTs to the file, then s/he would not have access
anymore. With your proposed approach, this is not possible as the original owner
remains.
We also lose the capability of changing the 'permission check' logic Jitendra
and Selvamohan wanted.
Thoughts?
> Plugin interface to enable delegation of HDFS authorization assertions
> ----------------------------------------------------------------------
>
> Key: HDFS-6826
> URL: https://issues.apache.org/jira/browse/HDFS-6826
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Attachments: HDFS-6826-idea.patch, HDFS-6826-idea2.patch,
> HDFS-6826v3.patch, HDFS-6826v4.patch, HDFS-6826v5.patch, HDFS-6826v6.patch,
> HDFS-6826v7.1.patch, HDFS-6826v7.2.patch, HDFS-6826v7.patch,
> HDFS-6826v8.patch, HDFSPluggableAuthorizationProposal-v2.pdf,
> HDFSPluggableAuthorizationProposal.pdf
>
>
> When HBase data, HiveMetaStore data or Search data is accessed via services
> (HBase region servers, HiveServer2, Impala, Solr) the services can enforce
> permissions on corresponding entities (databases, tables, views, columns,
> search collections, documents). It is desirable, when the data is accessed
> directly by users accessing the underlying data files (i.e. from a MapReduce
> job), that the permissions of the data files map to the permissions of the
> corresponding data entity (i.e. table, column family or search collection).
> To enable this we need to have the necessary hooks in place in the NameNode
> to delegate authorization to an external system that can map HDFS
> files/directories to data entities and resolve their permissions based on the
> data entities' permissions.
> I’ll be posting a design proposal in the next few days.