You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Hari Sekhon (JIRA)" <ji...@apache.org> on 2015/09/28 17:55:04 UTC
[jira] [Updated] (RANGER-668) Improve Ranger to use native ACLs
instead of agent policies
[ https://issues.apache.org/jira/browse/RANGER-668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hari Sekhon updated RANGER-668:
-------------------------------
Description:
I raised a request around a year ago for Hortonworks to do native ACL push-down, it looks like Ranger is still doing agent policies, which creates a dependency on the ranger agent (I know it's not a separate process to fail) rather than just keeping the ACL in say HDFS or Hive.
I appreciate this is a big change but is this something that can be realistically implemented in the mid-term?
This would also allow better auditing since Ranger would be reading the online ACLs (eg. the NameNode) would truly give a unified view of the applied ACLs to a given data source.
was:
I raised a request around a year ago for Hortonworks to do native ACL push-down, it looks like Ranger is still doing agent policies, which creates a dependency on the agent working rather than just keeping the ACL in say HDFS or Hive.
I appreciate this is a big change but is this something that can be realistically implemented in the mid-term?
This would also allow better auditing since Ranger would be reading the online ACLs (eg. the NameNode) would truly give a unified view of the applied ACLs to a given data source.
> Improve Ranger to use native ACLs instead of agent policies
> -----------------------------------------------------------
>
> Key: RANGER-668
> URL: https://issues.apache.org/jira/browse/RANGER-668
> Project: Ranger
> Issue Type: Improvement
> Affects Versions: 0.5.0
> Environment: HDP 2.3 + Kerberos
> Reporter: Hari Sekhon
>
> I raised a request around a year ago for Hortonworks to do native ACL push-down, it looks like Ranger is still doing agent policies, which creates a dependency on the ranger agent (I know it's not a separate process to fail) rather than just keeping the ACL in say HDFS or Hive.
> I appreciate this is a big change but is this something that can be realistically implemented in the mid-term?
> This would also allow better auditing since Ranger would be reading the online ACLs (eg. the NameNode) would truly give a unified view of the applied ACLs to a given data source.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)