Versions Compared

Old Version 52

changes.mady.by.user Rohit Sinha

Saved on

compared with

New Version 53

changes.mady.by.user Bhooshan Mogal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Ideally, D-Rock would like to be able to authorize all operations on all entities in CDAP. 
  • However, this can be rolled out in phases. In the initial phase, he would like to control who can:
    • Create/update/delete a namespace
      • Only users with WRITE permission on CDAP instance should be able to perform this operation.
      • We will add a A property in cdap-site.xml for comma separated list  should decide a set of users who have admin permission on cdap instance. These admins can then later grant permissions to other users.
    • Deploy an application in a namespace
      • Only users with WRITE permission on the namespace should be able to perform this operation
      • One the application is deployed the the user who deployed becomes the owner
    • Start/stop a program
      • Only users with READ permission on the namespace and application, and EXECUTE permission on the program should be able to perform this operation
      • Only users with ADMIN permission on the program can set preference for the program
      • Only users with WRITE permission can provide runtime args
    • Read/write to a stream
      • Only users with READ privilege on the namespace and READ permission on the stream should be able to read from the stream
      • Only users with READ privilege on the namespace and WRITE permission on the stream should be able to write to the stream

Design

This feature can be broken down into the following main parts, in no specific order:

...