Ranger:
- Goal: Bring it on par with sentry
- High level design for tag based policies
Revisit Authorization Model:
- Currently read on Dataset requires permission on Namespace
- Disadvantages:
- Dataset READ/WRITE require some permission on the namespace like READ. But since privileges are hierarchical this will lead to READ on every entity inside the namespace.
- Disadvantages:
- Having EXECUTE on a program does not allow user to run the program unless he has some privilege on the Application.
- To see the program in UI some privilege is needed on the application
- Need for non hierarchical privileges ?
- Managing non-hierarchical privileges can be cumbersome
- Managing non-hierarchical privileges can be cumbersome
Sentry:
- Reduce number of roles created by Sentry
- User does not have its own group
- Cache Invalidation
- Revoke all from an entity leads to entity with no privilege which cannot be used
General
- CDAP start time because of security
- https://issues.cask.co/browse/CDAP-11659
- One possibility to solve this will be to don't do any auth for cdap user in cdap namespace.
- Add new config for system admin on system namespace
- Revoking from admin users when they are removed from list
- Role for instance and system admins and every restart we remove all groups and add again.
- Cleanup all privileges on namespace delete
- Debugging security issues
- Logger for every logged in user or MDC
ITN
- Review all pending PRs (Rohit)
- How many new test cases to add and how many are done (Yaojie)
- Refactoring to run same tests in
- Impersonation
- Namespace Level
- App Level
- Classic (No impersonation, authorization)
- Custom Mapping (Hive, Hbase, HDFS)
- Authorization : More tests
- Artifact
- Dataset types
- Dataset modules
- Secure keys
Stretch goals for 4.3
- Tag based enforcement in Ranger
- startTLS for LDAP
- Service Authorization