[ https://issues.apache.org/jira/browse/HDDS-3617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17114262#comment-17114262 ]
Xiaoyu Yao commented on HDDS-3617: ---------------------------------- Thanks [~maobaolong] for open the issue. Please check the service level authorization added by HDDS-1038. SCM service is intended to open for internal service like OM/DN only. With proper acl setting in hadoop-policy.xml, you should be able to ensure only authorized service user/admin have access to these services. > SCM security > ------------ > > Key: HDDS-3617 > URL: https://issues.apache.org/jira/browse/HDDS-3617 > Project: Hadoop Distributed Data Store > Issue Type: New Feature > Components: SCM > Affects Versions: 0.6.0 > Reporter: maobaolong > Priority: Major > > Now the absence of security of SCM is a risk. SCM don't know who request a > powerful operation, and do it anyway, especially some admin operation, such > as close pipeline, create pipeline, safemode exit and so on. > I think we should do some works on it. > - Authentication. Verify the user information > - Authorization. Check the permission of the user have the right to access. > - Whitelist and Blacklist to simple way to check permission. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: ozone-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: ozone-issues-h...@hadoop.apache.org