[
https://issues.apache.org/jira/browse/HDFS-6826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14109744#comment-14109744
]
Daryn Sharp commented on HDFS-6826:
-----------------------------------
My position is hdfs authz (user/group/ACLs) should be authoritative in the
namespace. My suggestion for ability to fake up an ACL was a minimally
invasive compromise which I'm not fond of either. I'm not aware of another
filesystem that allows this sort of behavior. Which brings up another point of
how will these hbase/hive features work with s3 or any other filesystem?
Stepping back, let's look at the hive case. Basically it sounds like hive
needs to take ownership of files and allow efficient grant updates. Let's say
the NN allowed limited chown capabilities. When a partition is added to a hive
table, the hive server moves the file into a directory representing the table
and chowns the file to itself. Now ACLs on the table directory are used to
control access to the files. Changing a grant involves updating the table
dir's ACLs, not updating the n-many partitions representing the table. Would
this work?
> Plugin interface to enable delegation of HDFS authorization assertions
> ----------------------------------------------------------------------
>
> Key: HDFS-6826
> URL: https://issues.apache.org/jira/browse/HDFS-6826
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Attachments: HDFS-6826-idea.patch, HDFS-6826-idea2.patch,
> HDFS-6826v3.patch, HDFS-6826v4.patch, HDFS-6826v5.patch, HDFS-6826v6.patch,
> HDFS-6826v7.1.patch, HDFS-6826v7.2.patch, HDFS-6826v7.patch,
> HDFS-6826v8.patch, HDFSPluggableAuthorizationProposal-v2.pdf,
> HDFSPluggableAuthorizationProposal.pdf
>
>
> When Hbase data, HiveMetaStore data or Search data is accessed via services
> (Hbase region servers, HiveServer2, Impala, Solr) the services can enforce
> permissions on corresponding entities (databases, tables, views, columns,
> search collections, documents). It is desirable, when the data is accessed
> directly by users accessing the underlying data files (i.e. from a MapReduce
> job), that the permission of the data files map to the permissions of the
> corresponding data entity (i.e. table, column family or search collection).
> To enable this we need to have the necessary hooks in place in the NameNode
> to delegate authorization to an external system that can map HDFS
> files/directories to data entities and resolve their permissions based on the
> data entities permissions.
> I’ll be posting a design proposal in the next few days.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
