Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-6901

CDAP should have a bootstrap step for authorization

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.0
    • Fix Version/s: 3.5.0
    • Component/s: Security
    • Labels:
    • Release Notes:
      Hide
      Added a bootstrap step for authorization in CDAP. As part of this step:
      1. The user that CDAP runs as gets admin privileges on the CDAP instance, as well has all privileges on the system namespace
      2. A list of users specified as the parameter security.authorization.admin.users in cdap-site.xml get admin privileges on the CDAP instance, so they can create namespaces.
      Show
      Added a bootstrap step for authorization in CDAP. As part of this step: 1. The user that CDAP runs as gets admin privileges on the CDAP instance, as well has all privileges on the system namespace 2. A list of users specified as the parameter security.authorization.admin.users in cdap-site.xml get admin privileges on the CDAP instance, so they can create namespaces.
    • Rank:
      1|hzzj0n:

      Description

      This step should: Assign superusers (and CDAP master principal) ALL privileges on the CDAP instance. It should also make sure that cdap has privileges to create/access datasets in system namespace, create the default namespace and deploy system artifacts.

        Attachments

          Activity

            People

            • Assignee:
              bhooshan Bhooshan Mogal
              Reporter:
              bhooshan Bhooshan Mogal
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: