...
- Currently, read on a Dataset requires permission on the Namespace
- Disadvantages:
- Dataset READ/WRITE requires some permission on the namespace, such as READ. But since privileges are hierarchical, this leads to READ on every entity inside the namespace.
- Disadvantages:
- Having EXECUTE on a program does not allow the user to run the program unless he has some privilege on the Application.
- To see the program in the UI, some privilege is needed on the application
- Need for non-hierarchical privileges?
- Managing non-hierarchical privileges can be cumbersome for admins
- Revoking all privileges from an entity leaves it with no privileges, which makes the entity unusable
- What happens if the only user who has ADMIN on the entity disappears from LDAP for some reason?
- Updating system artifacts is not possible since only cdap has access to the system namespace.
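
The two disadvantages noted above (READ on a namespace cascading to every entity inside it, and EXECUTE on a program being unusable without a privilege on its application) can be reproduced with a small model. This is an added example, not CDAP code: the `HierarchicalAuthz` class, the path-tuple entity naming, the users and the "parent must carry some privilege" rule are assumptions made to mirror the notes.

```python
from collections import defaultdict

class HierarchicalAuthz:
    """Toy model: entities are path tuples, e.g. ("ns1", "app1", "prog1")."""

    def __init__(self):
        self.grants = defaultdict(set)  # (user, entity) -> set of actions

    def grant(self, user, entity, action):
        self.grants[(user, entity)].add(action)

    def effective(self, user, entity):
        # Direct grants plus everything inherited from each ancestor.
        actions = set()
        for depth in range(1, len(entity) + 1):
            actions |= self.grants.get((user, entity[:depth]), set())
        return actions

    def allowed(self, user, entity, action):
        # Assumed rule from the notes: the parent must carry some privilege.
        parent = entity[:-1]
        if parent and not self.effective(user, parent):
            return False
        return action in self.effective(user, entity)

def side_effect_access(authz, user, entities, action):
    """Entities the user can act on without a direct grant of that action."""
    return [e for e in entities
            if authz.allowed(user, e, action)
            and action not in authz.grants.get((user, e), set())]

# Constructed sample hierarchy (names are hypothetical).
NS, DS1, DS2 = ("ns1",), ("ns1", "ds1"), ("ns1", "ds2")
APP, PROG = ("ns1", "app1"), ("ns1", "app1", "prog1")
ENTITIES = [NS, DS1, DS2, APP, PROG]

def build_sample():
    authz = HierarchicalAuthz()
    authz.grant("alice", DS1, "WRITE")     # intended: write one dataset
    authz.grant("bob", PROG, "EXECUTE")    # intended: run one program
    return authz

if __name__ == "__main__":
    authz = build_sample()
    print(authz.allowed("alice", DS1, "WRITE"))    # blocked: nothing on ns1
    print(authz.allowed("bob", PROG, "EXECUTE"))   # blocked: nothing on app1
    authz.grant("alice", NS, "READ")               # the workaround
    print(authz.allowed("alice", DS1, "WRITE"))
    print(side_effect_access(authz, "alice", ENTITIES, "READ"))
```

Running `side_effect_access` over the full entity list after each namespace-level grant gives an admin a concrete list of what that grant exposed beyond its intent.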
...