...
- Reduce CDAP start time because of security
- One possibility to solve this will be to don't do any auth for cdap user in cdap namespaceCDAP system service access to system datasets should bypass authorization. (https://issues.cask.co/browse/CDAP-11659)
- Revoking privileges from admin users when they are removed from that instance.admin config
- Role for instance and system admins and every restart we remove all groups and add again.
- On namespace/entity delete some privileges are left overĀ
- Debugging security issues
- MDC based trace logging for a user (dynamic configuration)
...