[
https://issues.apache.org/jira/browse/AMBARI-14228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
DIPAYAN BHOWMICK updated AMBARI-14228:
--------------------------------------
Attachment: AMBARI-14228_branch-2.1.patch
> Ambari Files View ignores alternate HDFS authorization mechanisms
> -----------------------------------------------------------------
>
> Key: AMBARI-14228
> URL: https://issues.apache.org/jira/browse/AMBARI-14228
> Project: Ambari
> Issue Type: Bug
> Components: ambari-views
> Affects Versions: 2.1.2
> Reporter: DIPAYAN BHOWMICK
> Assignee: DIPAYAN BHOWMICK
> Fix For: 2.2.0
>
> Attachments: AMBARI-14228_branch-2.1.patch
>
>
> PROBLEM: In the files view Ambari only seems to be looking at user, group,
> mode which comes back from a GETSTATUS call and making the access decision
> based on that in the client.
> Doing it this way completely ignores alternate authorization mechanisms like
> HDFS ACLs and Ranger. Particularly with HDFS' new pluggable interface for
> authorization in Hadoop 2.7 this problem could get worse down the road.
> Ambari needs to deal with this in a uniform way so the user gets all of the
> access coming to them.
> BUSINESS IMPACT: Ambari files view is potentially useless to customers who
> have built an authorization model on anything other than user/group/mode,
> such as Ranger or HDFS ACLs
> EXPECTED RESULTS: The user should see no difference in their privilege level
> between Ambari Files View and FSShell.
> ACTUAL RESULTS: Only user/group/mode are considered in files view
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
