You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2017/03/28 23:18:41 UTC

[jira] [Commented] (HADOOP-11335) KMS ACL in meta data or database

    [ https://issues.apache.org/jira/browse/HADOOP-11335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15946166#comment-15946166 ] 

Hadoop QA commented on HADOOP-11335:
------------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue}  0m  0s{color} | {color:blue} Docker mode activated. {color} |
| {color:red}-1{color} | {color:red} patch {color} | {color:red}  0m  8s{color} | {color:red} HADOOP-11335 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute for help. {color} |
\\
\\
|| Subsystem || Report/Notes ||
| JIRA Issue | HADOOP-11335 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12737534/HADOOP-11335.008.patch |
| Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/11963/console |
| Powered by | Apache Yetus 0.5.0-SNAPSHOT   http://yetus.apache.org |


This message was automatically generated.



> KMS ACL in meta data or database
> --------------------------------
>
>                 Key: HADOOP-11335
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11335
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: Jerry Chen
>            Assignee: Dian Fu
>              Labels: BB2015-05-TBR, Security
>         Attachments: HADOOP-11335.001.patch, HADOOP-11335.002.patch, HADOOP-11335.003.patch, HADOOP-11335.004.patch, HADOOP-11335.005.patch, HADOOP-11335.006.patch, HADOOP-11335.007.patch, HADOOP-11335.008.patch, HADOOP-11335.re-design.patch, KMS ACL in metadata or database.pdf
>
>   Original Estimate: 504h
>  Remaining Estimate: 504h
>
> Currently Hadoop KMS has implemented ACL for keys and the per key ACL are stored in the configuration file kms-acls.xml.
> The management of ACL in configuration file would not be easy in enterprise usage and it is put difficulties for backup and recovery.
> It is ideal to store the ACL for keys in the key meta data similar to what file system ACL does.  In this way, the backup and recovery that works on keys should work for ACL for keys too.
> On the other hand, with the ACL in meta data, the ACL of each key can be easily manipulate with API or command line tool and take effect instantly.  This is very important for enterprise level access control management.  This feature can be addressed by separate JIRA. While with the configuration file, these would be hard to provide.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org