...
- User stories documented (Shenggu)
- User stories reviewed (Nitin)
- Design documented (Shenggu)
- Design reviewed (Andreas)
- Feature merged (Shenggu)
- Integration tests (Shenggu)
- Documentation for feature (Shenggu)
- Blog post (Shenggu)
...
Communication with Apache Sentry goes through Sentry's thrift service. When an admin grants or revokes privileges through the Hue UI, the change is propagated to Sentry and takes effect on subsequent requests coming from CDAP. In design one, Hue talks to Sentry directly; in design two, Hue uses the Sentry client APIs built into CDAP. Although design two requires less code modification in Hue and makes future changes to the security functionality easier (with design one, such a change has to be made both in Hue and in CDAP), we will still implement design one, because it is consistent with how the other Hue apps (Hive, HDFS) behave and it covers more cases (a security breach, for instance). For design one, Hue itself talks to Sentry and therefore needs its own keytab file to authenticate with Kerberos.
UI Mockup
One possible UI layout is shown below. All entities in CDAP are listed hierarchically on the left. When the user clicks on a specific entity, they can view its detailed properties and manage the ACL rules associated with it. The actual UI may vary in colors and in the relative layout of elements but will stick to this concept.
...
URL | Response |
---|---|
GET /cdap/ | index.mako (main page) |
GET /cdap/details/path/to/entity/entity_id | JSON of entity properties |
GET /cdap/acl/path/to/entity/entity_id | JSON of entity ACLs |
POST /cdap/acl/add/entity_id/ --data {groupid, operations} | 200 ok / 500 error |
POST /cdap/acl/revoke/entity_id/ --data {groupid, operations} | 200 ok / 500 error |
The operations are {READ | WRITE | EXECUTE | ADMIN | ALL}. Multiple operations can be granted or revoked in a single request.
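As an added illustration of the ACL endpoints in the table above (this is example code, not the Hue CDAP app's or CDAP's own implementation), the block below models the request handling in plain Python: it validates the `{groupid, operations}` body against the operation set before anything is forwarded to Sentry, dispatches the `add`/`revoke`/`GET` routes, and returns the 200/500 statuses the table specifies. The `FakeSentryClient`, the `handle` dispatcher, the group-name pattern and the entity ids used in the `__main__` block are assumptions made for the example; in Hue the real Sentry thrift client would be injected in its place.

```python
# Added example (not Hue/CDAP project code): in-process model of the /cdap/acl routes.
# FakeSentryClient, handle() and the group-name pattern are assumptions for illustration.
import re

OPERATIONS = {"READ", "WRITE", "EXECUTE", "ADMIN", "ALL"}
# Conservative allowlist for group names so arbitrary strings never reach the thrift call.
GROUP_RE = re.compile(r"^[A-Za-z0-9_.\-]{1,64}$")


class FakeSentryClient:
    """Stand-in for the Sentry thrift client (assumption: the real client is injected)."""

    def __init__(self):
        self.acls = {}  # entity_id -> {groupid -> set(operations)}

    def list_privileges(self, entity_id):
        return {g: sorted(ops) for g, ops in self.acls.get(entity_id, {}).items()}

    def grant(self, entity_id, groupid, operations):
        self.acls.setdefault(entity_id, {}).setdefault(groupid, set()).update(operations)

    def revoke(self, entity_id, groupid, operations):
        groups = self.acls.get(entity_id, {})
        if groupid not in groups:
            raise KeyError(f"no privileges for group {groupid!r} on {entity_id!r}")
        groups[groupid] -= set(operations)
        if not groups[groupid]:
            del groups[groupid]


def parse_acl_request(data):
    """Validate the POST body {groupid, operations} before it is forwarded to Sentry.

    Raises ValueError for anything that is not a well-formed group name or a known
    operation, so unvalidated input never becomes a thrift argument.
    """
    groupid = str(data.get("groupid", "")).strip()
    if not GROUP_RE.match(groupid):
        raise ValueError(f"invalid groupid {groupid!r}")
    raw = data.get("operations", [])
    if isinstance(raw, str):            # accept "READ,WRITE" as well as a list
        raw = raw.split(",")
    ops = {str(op).strip().upper() for op in raw if str(op).strip()}
    if not ops:
        raise ValueError("no operations given")
    unknown = ops - OPERATIONS
    if unknown:
        raise ValueError(f"unknown operations: {sorted(unknown)}")
    if "ALL" in ops and len(ops) > 1:    # ALL already covers the rest; reject ambiguous mixes
        raise ValueError("ALL cannot be combined with other operations")
    return groupid, sorted(ops)


def handle(sentry, method, path, data=None):
    """Dispatch one request as the design table describes; returns (status, body)."""
    m = re.match(r"^/cdap/acl/(add|revoke)/([^/]+)/$", path)
    if method == "POST" and m:
        action, entity_id = m.groups()
        try:
            groupid, ops = parse_acl_request(data or {})
            if action == "add":
                sentry.grant(entity_id, groupid, ops)
            else:
                sentry.revoke(entity_id, groupid, ops)
            return 200, {"status": "ok"}
        except (ValueError, KeyError) as exc:
            # The table specifies 200/500 only; a 400 for malformed input would be a refinement.
            return 500, {"error": str(exc)}
    m = re.match(r"^/cdap/acl/(.+)/([^/]+)$", path)
    if method == "GET" and m:
        return 200, sentry.list_privileges(m.group(2))
    return 404, {"error": "not found"}


if __name__ == "__main__":
    sentry = FakeSentryClient()
    body = {"groupid": "analysts", "operations": "READ,EXECUTE"}   # constructed input
    print(handle(sentry, "POST", "/cdap/acl/add/purchases/", body))
    print(handle(sentry, "GET", "/cdap/acl/namespace/default/purchases"))
    print(handle(sentry, "POST", "/cdap/acl/add/purchases/", {"groupid": "analysts", "operations": ["DROP"]}))
```

The validation step is the part worth keeping when wiring this to the real client: the UI is an admin surface, but the group name and operation list still arrive as untrusted request data, and rejecting them before the thrift call keeps Sentry's privilege store from receiving malformed or unexpected values.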
Out of Scope
In the above design, the system only supports listing all entities in CDAP and performing ACL management on them; there is no full support for managing the entities themselves. These cases are listed below and might be supported in the future.
...