...
- Decouple grant/revoke from entity creation
- Support granting/revoke outside CDAP
- Sentry CLI for CDAP
- Support using existing roles and group
- Allow user to set roles
- Reduce CDAP start time because of security
- CDAP system service access to system datasets should bypass authorization. (https://issues.cask.co/browse/CDAP-11659)
- Revoking privileges from admin users when they are removed from that instance.admin config
- Role for instance and system admins and every restart we remove all groups and add again.
- On namespace/entity delete some privileges are left over
- Debugging
- Security issues
- MDC based trace logging for a user (dynamic configuration)
- Performance of security extensions
- Instrumentation of security extension calls
- Security issues
- Flow start behavior is inconsistent with authorization (CDAP-8568)
ITN
- Review all pending PRs (Rohit)
- How many new test cases to add and how many are done (Yaojie)
- Refactoring to run same tests in
- Impersonation
- Namespace Level
- App Level
- Classic (No impersonation, authorization)
- Custom Mapping (Hive, Hbase, HDFS)
- Authorization : More tests
- Artifact
- Pipeline
- Dataset types
- Dataset modules
- Secure keys
...