You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@falcon.apache.org by "Venkat Ranganathan (JIRA)" <ji...@apache.org> on 2015/08/04 16:40:04 UTC

[jira] [Updated] (FALCON-1367) Improve the ACL handling in Falcon

     [ https://issues.apache.org/jira/browse/FALCON-1367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Venkat Ranganathan updated FALCON-1367:
---------------------------------------
    Summary: Improve the ACL handling in Falcon  (was: Fix the ACL handling in Falcon)

> Improve the ACL handling in Falcon
> ----------------------------------
>
>                 Key: FALCON-1367
>                 URL: https://issues.apache.org/jira/browse/FALCON-1367
>             Project: Falcon
>          Issue Type: Bug
>            Reporter: Venkat Ranganathan
>
> Currently the ACL element is part of the entity and has the owner and group specified in it.   The owner of the entity is used as the proxy user of the entity. 
> This seems problematic.   We don't want to embed authorization of a resource inside a resource.    Also,  scheduling an entity by a user should be independent of the owner as whom it runs (The proxy user work that [~sowmyaramesh] is adding a doAs capability)
> Moving it out of the entity will allow authorization managers like Apache Ranger to manage the authorization of the entities.
> We want to 
>     # deprecate the use of ACL inside the entity by making it optional
>     # Allow the owner and group of an entity to be managed separately (either by Falcon or controlled via a plugin by Authorization managers)
>     # Identity and fix the permission models (only superuser or owner can change permissions etc)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)