...
- Reduce number of roles created by Sentry
- Backward compatibility
- Handle cases where a user does not have their own group
- Cache invalidation in case of group privilege change
- Performance testing
- Grant on roles fails if the granting user does not have the same privilege (CDAP-9305)
General
- Reduce CDAP start time because of security
  - One possible solution is to not do any auth for the cdap user in the cdap namespace. (https://issues.cask.co/browse/CDAP-11659)
- Revoking privileges from admin users when they are removed from the instance.admin config
- Role for instance and system admins; on every restart we remove all groups and add them again.
- On namespace/entity delete, some privileges are left over
- Debugging security issues
- MDC based trace logging for a user (dynamic configuration)
...