You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Hari Sekhon (JIRA)" <ji...@apache.org> on 2015/09/28 17:50:04 UTC
[jira] [Created] (RANGER-668) Improve Ranger to use native ACLs
instead of agent policies
Hari Sekhon created RANGER-668:
----------------------------------
Summary: Improve Ranger to use native ACLs instead of agent policies
Key: RANGER-668
URL: https://issues.apache.org/jira/browse/RANGER-668
Project: Ranger
Issue Type: Improvement
Affects Versions: 0.5.0
Environment: HDP 2.3 + Kerberos
Reporter: Hari Sekhon
I raised a request around a year ago for Hortonworks to do native ACL push-down, it looks like Ranger is still doing agent policies, which creates a dependency on the agent working rather than just keeping the ACL in say HDFS or Hive.
I appreciate this is a big change but is this something that can be realistically implemented in the mid-term?
This would also allow better auditing since Ranger would be reading the online ACLs (eg. the NameNode) would truly give a unified view of the applied ACLs to a given data source.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)