DIPAYAN BHOWMICK created AMBARI-14228:
-----------------------------------------
Summary: Ambari Files View ignores alternate HDFS authorization
mechanisms
Key: AMBARI-14228
URL: https://issues.apache.org/jira/browse/AMBARI-14228
Project: Ambari
Issue Type: Bug
Components: ambari-views
Affects Versions: 2.1.2
Reporter: DIPAYAN BHOWMICK
Assignee: DIPAYAN BHOWMICK
Fix For: 2.2.0
PROBLEM: In the files view Ambari only seems to be looking at user, group, mode
which comes back from a GETSTATUS call and making the access decision based on
that in the client.
Doing it this way completely ignores alternate authorization mechanisms like
HDFS ACLs and Ranger. Particularly with HDFS' new pluggable interface for
authorization in Hadoop 2.7 this problem could get worse down the road.
Ambari needs to deal with this in a uniform way so the user gets all of the
access coming to them.
BUSINESS IMPACT: Ambari files view is potentially useless to customers who have
built an authorization model on anything other than user/group/mode, such as
Ranger or HDFS ACLs
EXPECTED RESULTS: The user should see no difference in their privilege level
between Ambari Files View and FSShell.
ACTUAL RESULTS: Only user/group/mode are considered in files view
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
