[
https://issues.apache.org/jira/browse/FALCON-1056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14339987#comment-14339987
]
Pragya Mittal commented on FALCON-1056:
---------------------------------------
Feed definition :
{code}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<feed name="FeedAclTest1" description="clicks log" xmlns="uri:falcon:feed:0.1">
<partitions>
<partition name="country"/>
<partition name="colo"/>
</partitions>
<frequency>minutes(20)</frequency>
<timezone>UTC</timezone>
<late-arrival cut-off="hours(6)"/>
<clusters>
<cluster name="FeedAclTestTry--corp-96c746e5" type="source">
<validity start="2015-02-01T00:00Z" end="2099-05-01T00:00Z"/>
<retention limit="months(9000)" action="delete"/>
</cluster>
</clusters>
<locations>
<location type="data"
path="/tmp/FeedAclTest/input/${YEAR}/${MONTH}/${DAY}/${HOUR}/${MINUTE}"/>
<location type="stats" path="/projects/falcon/clicksStats"/>
<location type="meta" path="/projects/falcon/clicksMetaData"/>
</locations>
<ACL owner="pragyamittal" group="dataqa" permission="*"/>
<schema location="/schema/clicks" provider="protobuf"/>
<properties>
<property name="field1" value="value1"/>
<property name="field2" value="value2"/>
</properties>
</feed>
{code}
I created the hadoop data path for feed with user: randomuser , group
:randomuser.
randomeuser doesnot belong to ACL owner pragyamittal nor does randomuser group
belongs to ACL group dataqa.
{code}
dataqa@ip-192-168-138-200:~$ hadoop fs -lsr /tmp/FeedAclTest
lsr: DEPRECATED: Please use 'ls -R' instead.
drwxr-xr-x - randomuser randomuser 0 2015-02-27 09:46
/tmp/FeedAclTest/input
drwxr-xr-x - randomuser randomuser 0 2015-02-27 09:46
/tmp/FeedAclTest/input/2015
drwxr-xr-x - randomuser randomuser 0 2015-02-27 09:46
/tmp/FeedAclTest/input/2015/02
drwxr-xr-x - randomuser randomuser 0 2015-02-27 09:46
/tmp/FeedAclTest/input/2015/02/01
{code}
When i tried submitting feed by user pragyamittal , i was able to submit it.
(Authorisation is enabled : *.falcon.security.authorization.enabled=true)
{code}
dataqa@ip-192-168-138-200:/usr/lib/falcon/falconPrism/bin$ sudo -u pragyamittal
./falcon entity -type feed -submit -file ~/feed.xml
falcon/ua1/Submit successful (feed) FeedAclTest1
prism/Submit successful (feed) FeedAclTest1
{code}
According to changes made in FALCON-497, if feed data path exists and its
owner/group does not belong to ACL/current user/group then feed submit should
fail.
> Able to submit feed even though owner/group of storage specified (location
> type=data) is different from the ACL owner/group
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: FALCON-1056
> URL: https://issues.apache.org/jira/browse/FALCON-1056
> Project: Falcon
> Issue Type: Bug
> Components: feed
> Affects Versions: 0.7
> Reporter: Pragya Mittal
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
