Overview of Security Changes in 4.3
1. Authorizer API Changes
- Deprecated createFilter() API. CDAP will not use it from 4.3
- Â Added new isVisible(Set<EntityId>, Principal) API
2. Model Changes
- Hierarchical privileges are replaced with Wildcard privileges
- Pre grant will be allowed and CDAP will no more do auto grant/revoke
- CDAP authorization policies will change in 4.3 for convenient authorization privilege management
- Added a notion of visibility which defines who can see an entity. An entity is visible to a user if the user has privilege on the entity or any of its descendant.Â
3. Ranger Integration
- Ranger extension will be packaged in RPM bundle
- Admins will be able to do privilege management using Ranger UI
- CDAP will do enforcement through privileges in Ranger
- There must be a CDAP user who has privilege on all resources in CDAP for the resource lookup to work
Created in 2020 by Google Inc.