[jira] [Updated] (IMPALA-11684) Only use LDAP group filter when there is no authorization provider

Tamas Mate (Jira) Tue, 25 Oct 2022 04:57:05 -0700


     [ 
https://issues.apache.org/jira/browse/IMPALA-11684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tamas Mate updated IMPALA-11684:
--------------------------------
    Component/s: Backend
                 Frontend
                 Security

> Only use LDAP group filter when there is no authorization provider
> ------------------------------------------------------------------
>
>                 Key: IMPALA-11684
>                 URL: https://issues.apache.org/jira/browse/IMPALA-11684
>             Project: IMPALA
>          Issue Type: Improvement
>          Components: Backend, Frontend, Security
>            Reporter: Tamas Mate
>            Assignee: Tamas Mate
>            Priority: Major
>
> Impala applies the LDAP group filters during authentication which can deny 
> users even from accessing Impala. We should reconsider this decision because 
> authenticating based on groups falls into a grey area with authorization. 
> Users without group privileges could be authenticated successfully and the 
> authorization provider should handle what they can see.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (IMPALA-11684) Only use LDAP group filter when there is no authorization provider

Reply via email to