Description
This task defines and implements Authorization Server role for HAS. First, it provides the service level access token based authorization for HAS. It also provides fine-grained access control mechanisms for Hadoop to further enforce fine-grained access control for specific components, such as HDFS. This role along with related services can be configured into one HAS deployment. The scope of this task is highlighted as following:
- Implement access token service defined in TokenAuth framework. The access token service provides service level authorization and grants access token according to the identity token and access permissions.
- Define and implement authorization policy service in HAS for Hadoop services to retrieve and synchronize authorization policies.
- Implement and provide authorization policy management, allowing admin to create and manage authorization policies to authorize system and resource accesses employing different authorization models with corresponding editors and tools;
- Implement and provide authorization management facility, allowing admin to configure global settings and manage authorization policies across the system for the domain.
Attachments
Issue Links
- Is contained by
-
HADOOP-9798 TokenAuth Implementation - HAS
-
- Open
-