Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-12065

Storage Provider Authorization for Datasets

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.2.0
    • Fix Version/s: None
    • Component/s: Datasets, Security
    • Labels:
    • Rank:
      1|i004pb:

      Description

      Authorization can be become a bottleneck if thousands of task concurrently authorize access to the same dataset. However, for data access, it would be safe to rely on the authorization provided by the storage engines (HDFS, HBase). The authorization at the dataset level (as a CDAP entity) does not seem to provide additional security.

      Therefore, it should be possible to configure authorization for datasets to rely on the storage providers, while still requiring it for other actions performed by users logged in, such as, deploying apps, creating namespaces, etc.

        Attachments

          Activity

            People

            • Assignee:
              bhooshan Bhooshan Mogal
              Reporter:
              andreas Andreas Neumann
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: