You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Alejandro Abdelnur (JIRA)" <ji...@apache.org> on 2014/06/27 02:28:24 UTC

[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

    [ https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14045379#comment-14045379 ] 

Alejandro Abdelnur commented on HADOOP-10758:
---------------------------------------------

Keys when created could have a special attribute 'key.acl.id'.

The KMS, when a user requests a key, it would assert that the user has access to it by checking the specified ACL id. For this the KMS would have hot reloadable ACLs from a key-acls.xml file and using Hadoop {{ACL}} class would assert access to the key.

This could be implemented as a {{KeyProvider}} proxy class and it would leverage HADOOP-10750 & HADOOP-10757.



> KMS: add ACLs on per key basis.
> -------------------------------
>
>                 Key: HADOOP-10758
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10758
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>
> The KMS server should enforce ACLs on per key basis.



--
This message was sent by Atlassian JIRA
(v6.2#6252)