You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@oozie.apache.org by "Andras Piros (JIRA)" <ji...@apache.org> on 2018/03/14 09:11:00 UTC

[jira] [Created] (OOZIE-3196) Authorization: restrict world readability by user

Andras Piros created OOZIE-3196:
-----------------------------------

             Summary: Authorization: restrict world readability by user
                 Key: OOZIE-3196
                 URL: https://issues.apache.org/jira/browse/OOZIE-3196
             Project: Oozie
          Issue Type: New Feature
          Components: bundle, coordinator, workflow
    Affects Versions: 5.0.0b1
            Reporter: Andras Piros


The [*current authorization model*|https://issues.apache.org/jira/browse/OOZIE-228] does not fit the enterprise requirements as everything is readable and writable by everyone by default.

Write access can be restricted using authorization but restricting read rights is only possible via Yarn ACLs and HDFS rights which still does not prevent accessing the workflow, coordinator or bundle job’s configurations for everyone.

Improve authorization so it’s possible to configure read/write access for workflows, coordinators, and bundles in a more granular way. Could involve Sentry during implementation or create and design a new system that fits the needs.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)