...
- User stories documented (Rohit/Ali/Bhooshan)
- User stories reviewed (Nitin)
- Design documented (Rohit/Ali/Bhooshan)
- Design reviewed (Andreas)
- Feature merged (Rohit/Ali/Bhooshan)
- Examples and guides (Rohit)
- Integration tests (Ali)
- Documentation for feature (Bhooshan)
- Blog post
User Stories
- As a CDAP security admin, I want CDAP programs to be run as the user running the program, and not as the headless "cdap" user.
- As a CDAP/Hydrator security admin, I want all sensitive information like passwords not be stored in plaintext.
- As a CDAP security admin, I want all operations on datasets/streams to be governed by my configured authorization system.
- As a CDAP security admin, I want list operations for all CDAP entities to only return entities that the logged-in user is authorized to view.
- As a CDAP security admin, I want view operations for a CDAP entity to only succeed if the logged-in user is authorized to view that entity
- As a CDAP user, I would like to specify the namespace in an underlying storage provider (e.g. HBase namespace, Hive database) to use for a particular CDAP namespace.
- As a CDAP admin, I want to allow users to access a dataset from a program in a different namespace, as long as the said user is authorized to access that dataset.
- As a CDAP user, I want to be able to run long running Mapreduce, Spark or Hive programs on a secure (kerberos-enabled) cluster.
Scenarios
Scenario #1
Scenario #2
Scenario #3
Entities, Operations and Privileges
...
...
NOTE: Cells marked green were done in 3.4
Design
Testing
Installation
Questions
Out-of-scope User Stories (4.0 and beyond)
- As a CDAP admin, I should be able to authorize metadata changes to CDAP entities
- As a CDAP system, I should be able to push down ACLs to storage providers
- As a CDAP admin, I should be able to see an audit log of all authorization-related changes in CDAP
- As a CDAP admin, I should be able to authorize all thrift-based traffic, so transaction management is also authorized.
...