Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-9027

Fix user based grant in cdap sentry extension

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.1.0, 4.0.0, 3.6.0, 3.5.0
    • Fix Version/s: 4.1.1
    • Component/s: Security
    • Labels:
    • Release Notes:
      Users can now grant and revoke privileges for UNIX groups and users when using Apache Sentry as the authorization extension for CDAP.
    • Rank:
      1|hzzy1j:

      Description

      Sentry only supports grants on a role and expect roles to be given to groups. This is a bit inconvenient and cdap works around it by creating entity role while entity creation. To support this cdap sentry extension allow user based grant which is needed to support entity creation in cdap by a user although we should restrict an end user from doing this.
      Even if we decide to keep supporting this we should provide a way to revoke which we don't have right now

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                rsinha Rohit Sinha
                Reporter:
                rsinha Rohit Sinha
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: