[prev in list] [next in list] [prev in thread] [next in thread] 

List:       hadoop-dev
Subject:    [jira] [Created] (HADOOP-11335) KMS ACL in meta data or database
From:       "Jerry Chen (JIRA)" <jira () apache ! org>
Date:       2014-11-26 0:35:12
Message-ID: JIRA.12757855.1416962075000.21050.1416962112690 () Atlassian ! JIRA
[Download RAW message or body]

Jerry Chen created HADOOP-11335:
-----------------------------------

             Summary: KMS ACL in meta data or database
                 Key: HADOOP-11335
                 URL: https://issues.apache.org/jira/browse/HADOOP-11335
             Project: Hadoop Common
          Issue Type: Improvement
          Components: kms
    Affects Versions: trunk-win
            Reporter: Jerry Chen


Currently Hadoop KMS has implemented ACL for keys and the per key ACL are stored in \
the configuration file kms-acls.xml.

The management of ACL in configuration file would not be easy in enterprise usage and \
it is put difficulties for backup and recovery.

It is ideal to store the ACL for keys in the key meta data similar to what file \
system ACL does.  In this way, the backup and recovery that works on keys should work \
for ACL for keys too.

On the other hand, with the ACL in meta data, the ACL of each key can be easily \
manipulate with API or command line tool and take effect instantly.  This is very \
important for enterprise level access control management.  This feature can be \
addressed by separate JIRA. While with the configuration file, these would be hard to \
provide.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[prev in list] [next in list] [prev in thread] [next in thread]