Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-9125

CDAP Sentry Integration should not rely on every user having their own individual group

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 4.1.0, 4.0.0, 3.6.0, 3.5.0
    • Fix Version/s: 4.3.0
    • Component/s: Security
    • Labels:
    • Release Notes:
      CDAP Sentry Integration does not rely on every user having their own individual group
    • Rank:
      1|hzzyef:

      Description

      In Sentry privileges can only be granted to roles and only groups can be added to roles.
      In CDAP when a user creates an entity we want to grant the user all the privileges on the entity. To overcome the limitation on Sentry CDAP grants privileges to the user by creating a new role and adding the user's group (we assume that every user has their own group in the UserGroupMappingService) and then granting privileges to this role.

      This assumption that every user has their own group to which only they belong to and the group name is same as username will not be true in every scenario.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                poorna Poorna Chandra
                Reporter:
                rsinha Rohit Sinha
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: