AnsweredAssumed Answered

HBase / Mapr-DB impersonation vs ACE's

Question asked by lelakextfac on Mar 30, 2016
Latest reply on Mar 31, 2016 by lelakextfac

Hi,

 

I have a general (best practice) question regarding where to enforce authorization to MaprDB tables. We are building a reporting layer that serves data from the MapRDB and the question really is about where to enforce authorization. Should we create ACE's within MaprDB to enforce security at tables / CF / columns and then user 'impersonation' to access MaprDB table data ? or should we keep a mapping / looking table like (user x has access to tables a, b c and CF t,y) at the API layer and then enforce the authorization outside the MaprDB.

 

I see pros and cons with both approaches but would like to hear about the best practices from the community.

 

Thanks

Outcomes