You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Alejandro Abdelnur (JIRA)" <ji...@apache.org> on 2014/06/27 02:28:24 UTC
[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.
[ https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14045379#comment-14045379 ]
Alejandro Abdelnur commented on HADOOP-10758:
---------------------------------------------
Keys when created could have a special attribute 'key.acl.id'.
The KMS, when a user requests a key, it would assert that the user has access to it by checking the specified ACL id. For this the KMS would have hot reloadable ACLs from a key-acls.xml file and using Hadoop {{ACL}} class would assert access to the key.
This could be implemented as a {{KeyProvider}} proxy class and it would leverage HADOOP-10750 & HADOOP-10757.
> KMS: add ACLs on per key basis.
> -------------------------------
>
> Key: HADOOP-10758
> URL: https://issues.apache.org/jira/browse/HADOOP-10758
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
>
> The KMS server should enforce ACLs on per key basis.
--
This message was sent by Atlassian JIRA
(v6.2#6252)