[HADOOP-11335] KMS ACL in meta data or database - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 2.6.0
Fix Version/s: None
Component/s: kms
Labels:
- BB2015-05-TBR
- Security

Target Version/s:

2.8.3

Description

Currently Hadoop KMS has implemented ACL for keys and the per key ACL are stored in the configuration file kms-acls.xml.

The management of ACL in configuration file would not be easy in enterprise usage and it is put difficulties for backup and recovery.

It is ideal to store the ACL for keys in the key meta data similar to what file system ACL does. In this way, the backup and recovery that works on keys should work for ACL for keys too.

On the other hand, with the ACL in meta data, the ACL of each key can be easily manipulate with API or command line tool and take effect instantly. This is very important for enterprise level access control management. This feature can be addressed by separate JIRA. While with the configuration file, these would be hard to provide.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-11335.001.patch
14/Jan/15 12:14
145 kB
Dian Fu
HADOOP-11335.002.patch
15/Jan/15 03:23
149 kB
Dian Fu
HADOOP-11335.003.patch
17/Jan/15 13:04
158 kB
Dian Fu
HADOOP-11335.004.patch
27/Jan/15 06:58
168 kB
Dian Fu
HADOOP-11335.005.patch
28/Jan/15 05:48
172 kB
Dian Fu
HADOOP-11335.006.patch
03/Mar/15 03:23
117 kB
Dian Fu
HADOOP-11335.007.patch
28/Apr/15 03:17
89 kB
Dian Fu
HADOOP-11335.008.patch
04/Jun/15 11:04
90 kB
Dian Fu
HADOOP-11335.re-design.patch
04/Feb/15 10:38
28 kB
Arun Suresh
KMS ACL in metadata or database.pdf
06/Jan/15 07:17
551 kB
Dian Fu

Activity

People

Assignee:: Dian Fu

Reporter:: Haifeng Chen

Votes:: 0 Vote for this issue

Watchers:: 13 Start watching this issue

Dates

Due:: 30/Jan/15

Created:: 26/Nov/14 00:34

Updated:: 11/Sep/17 05:08

Time Tracking

Estimated:

504h

Remaining:

504h

Logged:

Not Specified