You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Hari Sekhon (JIRA)" <ji...@apache.org> on 2015/09/28 17:50:04 UTC

[jira] [Created] (RANGER-668) Improve Ranger to use native ACLs instead of agent policies

Hari Sekhon created RANGER-668:
----------------------------------

             Summary: Improve Ranger to use native ACLs instead of agent policies
                 Key: RANGER-668
                 URL: https://issues.apache.org/jira/browse/RANGER-668
             Project: Ranger
          Issue Type: Improvement
    Affects Versions: 0.5.0
         Environment: HDP 2.3 + Kerberos
            Reporter: Hari Sekhon


I raised a request around a year ago for Hortonworks to do native ACL push-down, it looks like Ranger is still doing agent policies, which creates a dependency on the agent working rather than just keeping the ACL in say HDFS or Hive.

I appreciate this is a big change but is this something that can be realistically implemented in the mid-term?

This would also allow better auditing since Ranger would be reading the online ACLs (eg. the NameNode) would truly give a unified view of the applied ACLs to a given data source.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)