[
https://issues.apache.org/jira/browse/IMPALA-11684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17623788#comment-17623788
]
Tamas Mate commented on IMPALA-11684:
-------------------------------------
What do you think about the above proposal [~csringhofer]?
> Only use LDAP group filter when there is no authorization provider
> ------------------------------------------------------------------
>
> Key: IMPALA-11684
> URL: https://issues.apache.org/jira/browse/IMPALA-11684
> Project: IMPALA
> Issue Type: Improvement
> Components: Backend, Frontend, Security
> Reporter: Tamas Mate
> Assignee: Tamas Mate
> Priority: Major
>
> Impala applies the LDAP group filters during authentication which can deny
> users even from accessing Impala. We should reconsider this decision because
> authenticating based on groups falls into a grey area with authorization.
> Users without group privileges could be authenticated successfully and the
> authorization provider should handle what they can see.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
