[HADOOP-10650] Add ability to specify a reverse ACL (black list) of users and groups - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.6.0
Component/s: security
Labels:
None

Target Version/s:

2.6.0
Hadoop Flags:

Reviewed

Description

Currently , it is possible to define a ACL (user and groups) for a service. To temporarily remove authorization for a set of users, administrator needs to remove the users from the specific group and this may be a lengthy process ( update ldap groups, flush caches on machines).

If there is a facility to define a reverse ACL for services, then administrator can disable users by specifying the users in reverse ACL. In other words, one can specify a whitelist of users and groups as well as a blacklist of users and groups.

One can also specify a default blacklist to disable the users from accessing any service.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-10650.patch
09/Jun/14 18:52
12 kB
Benoy Antony
HADOOP-10650.patch
01/Jul/14 01:22
13 kB
Benoy Antony
HADOOP-10650.patch
16/Aug/14 16:40
13 kB
Benoy Antony

Issue Links

depends upon

HADOOP-10649 Allow overriding the default ACL for service authorization

Closed

is depended upon by

HADOOP-10651 Add ability to restrict service access using IP addresses and hostnames

Closed

HADOOP-10679 Authorize webui access using ServiceAuthorizationManager

Patch Available

Activity

People

Assignee:: Benoy Antony

Reporter:: Benoy Antony

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 02/Jun/14 01:45

Updated:: 01/Dec/14 03:11

Resolved:: 17/Aug/14 17:07