This is an automated email from the ASF dual-hosted git repository.

weichiu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git


The following commit(s) were added to refs/heads/master by this push:
     new 7035846377 HDDS-13040. Add user doc highlighting the difference 
between Ozone ACL and S3 ACL. (#8457)
7035846377 is described below

commit 7035846377f524af8c2066153574e01de6b34950
Author: Wei-Chiu Chuang <[email protected]>
AuthorDate: Mon May 19 12:47:52 2025 -0700

    HDDS-13040. Add user doc highlighting the difference between Ozone ACL and 
S3 ACL. (#8457)
---
 hadoop-hdds/docs/content/security/SecurityAcls.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/hadoop-hdds/docs/content/security/SecurityAcls.md 
b/hadoop-hdds/docs/content/security/SecurityAcls.md
index ee48999ed2..2d9a2eb4dd 100644
--- a/hadoop-hdds/docs/content/security/SecurityAcls.md
+++ b/hadoop-hdds/docs/content/security/SecurityAcls.md
@@ -172,3 +172,16 @@ $ ozone sh bucket removeacl -a user:testuser:r[DEFAULT] 
/vol1/bucket2
 ACL user:testuser:r[DEFAULT] removed successfully.
 ```
 
+## Differences Between Ozone ACL and S3 ACL
+
+Ozone ACLs and S3 ACLs differ primarily in their scope and support.
+
+- **S3 ACLs**: Currently, only S3 Bucket ACL is implemented in Ozone (a beta 
feature). S3 Object ACL is not yet implemented. Any `PutObjectAcl` request will 
result in a `501: Not Implemented` response code.
+- **Ozone ACLs**: Ozone ACLs provide a more comprehensive and flexible access 
control mechanism. They are designed to work seamlessly with Ozone's native 
architecture and support various rights and scopes as mentioned above.
+
+## Ozone File System ACL API
+
+- ACL-related APIs in Ozone file system implementation (`ofs` and `o3fs`), 
such as `getAclStatus`, `setAcl`, `modifyAclEntries`, `removeAclEntries`, 
`removeDefaultAcl`, and `removeAcl` are not supported. These operations will 
throw an UnsupportedOperationException.
+- Similarly, HttpFS ACL-related APIs.
+
+These limitations should be taken into account when integrating Ozone with 
applications that rely on S3 or file system ACL operations.
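Review bot: The second bullet under "Ozone File System ACL API" ("Similarly, HttpFS ACL-related APIs.") is a sentence fragment that never says what happens to those calls. Spell it out the way the first bullet does for `ofs` and `o3fs`: name the HttpFS ACL operations that are unsupported and the error a client gets back. In the S3 bullet, only `PutObjectAcl` has a documented result (`501: Not Implemented`); since the text says S3 Object ACL as a whole is not implemented, say what a request to read an object ACL returns too, so integrators do not have to guess whether it fails or silently succeeds. The closing sentence speaks about both S3 and file system ACL operations but sits under the file system heading, so it would read better under the comparison heading or as its own short section. Minor: put UnsupportedOperationException in backticks like the other identifiers, and replace "as mentioned above" with the name of the section it refers to.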

