Ranger:

  • Goal: Bring it on par with Sentry
  • High level design for tag based policies

Revisit Authorization Model:

  • Currently, READ on a dataset requires a permission on the namespace
    • Disadvantages:
      • Dataset READ/WRITE requires some permission on the namespace, such as READ. But since privileges are hierarchical, this leads to READ on every entity inside the namespace.
  • Having EXECUTE on a program does not allow a user to run the program unless they have some privilege on the application.
    • To see the program in the UI, some privilege is needed on the application
  • Need for non-hierarchical privileges?
    • Managing non-hierarchical privileges can be cumbersome for admins
  • Revoking all privileges from an entity leaves the entity with no privileges, making it unusable
    • What happens if the only user who has ADMIN on the entity disappears from LDAP for some reason?
  • Updating system artifacts is not possible since only cdap has access to the system namespace.

Sentry:

  • Reduce number of roles created by Sentry
    • Backward compatibility
  • Handle cases where a user does not have their own group
  • Cache invalidation in case of group privilege change
    • Performance testing
  • Grant on roles fails if the granting user does not have the same privilege (CDAP-9305)

General

  • Decouple grant/revoke from entity creation
    • Support granting/revoking outside CDAP
    • Sentry CLI for CDAP
    • Support using existing roles and groups
      • Allow user to set roles
  • Reduce CDAP start time because of security
  • Revoke privileges from admin users when they are removed from the instance.admin config
    • Use a role for instance and system admins; on every restart, remove all groups and add them again.
  • On namespace/entity delete, some privileges are left over
  • Debugging 
    • Security issues 
      • MDC based trace logging for a user (dynamic configuration)
    • Performance of security extensions
      • Instrumentation of security extension calls

ITN

  • Review all pending PRs (Rohit)
  • How many new test cases to add and how many are done (Yaojie)
  • Refactoring to run same tests in
    • Impersonation
      • Namespace Level
      • App Level
      • Classic (No impersonation, authorization)
    • Custom Mapping (Hive, HBase, HDFS)
  • Authorization: More tests
    • Artifact
    • Pipeline
    • Dataset types
    • Dataset modules
    • Secure keys

Stretch goals for 4.3 

  1. Tag based enforcement in Ranger
  2. startTLS for LDAP
  3. Service Authorization
  4. Only work with push-down privileges to the underlying storage provider (for environments which do not have Sentry or Ranger)