You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "David Radley (JIRA)" <ji...@apache.org> on 2018/01/05 10:19:00 UTC
[jira] [Commented] (RANGER-1850) Impersonation/proxy user support
for gaiandb ranger plugin
[ https://issues.apache.org/jira/browse/RANGER-1850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16312868#comment-16312868 ]
David Radley commented on RANGER-1850:
--------------------------------------
[~jonesn] It might be safer to fail the authentication if proxy user and password properties were set but failed to authenticate; rather than try authenticating with the regular userid. I think this honours the authorization intent.
I am unsure what the create schema flag does - I suggest a comment. It seems strange we should create a schema on a query - or have I missed something.
> Impersonation/proxy user support for gaiandb ranger plugin
> ----------------------------------------------------------
>
> Key: RANGER-1850
> URL: https://issues.apache.org/jira/browse/RANGER-1850
> Project: Ranger
> Issue Type: Sub-task
> Components: plugins
> Reporter: Nigel Jones
> Attachments: GaianDBAuth.docx
>
>
> Applications/users could connect to gaianDB using their own authentication information - for example userid/password in the simple case. Here the ranger plugin will use that id for policy checks.
> However in a multi tiered architecture a service id (aka non personal account) may be used, and somehow the user to be impersonated is passed via an additional property. This has a number of implications to the system configuration, derby/gaiandb configuration & the plugin implementation.
> Opening this Jira as a placeholder and will add a document soon (++days) on the same to capture some of the discussion around this area in recent days.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)