Abhishek created RANGER-3745:
--------------------------------
Summary: User allowed to delete an ozone directory recursively
even when a deny policy is present
Key: RANGER-3745
URL: https://issues.apache.org/jira/browse/RANGER-3745
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Abhishek
User who has a deny policy on an Ozone key path is allowed to delete the
directory,
the expected behaviour is that the operation should have been denied.
The details of the test scenario are as follows:-
Policy setup :-
User test_user
1. Has all access on volume = test-volume-ansbmj , bucket =
test-bucket-ansbmj
2. Has all access on the key = test_dir_ansbmjr_?/dir1_* and
test_dir_ansbmjr_?/dir_1_*
3. Has a deny policy on the path "test_dir_ansbmjr_1/dir1_*/dir_1_*"
Data setup
The following directory structure is created
[o3fs://test-bucket-ansbmjr.test-volume-ansbmjr.ozone1/test_dir_ansbmjr_1/dir1_lapnqcr]
[o3fs://test-bucket-ansbmjr.test-volume-ansbmjr.ozone1/test_dir_ansbmjr_1/dir1_lapnqcr/dir_1_random_str]
As user test_user, try to delete
o3fs://test-bucket-ansbmjr.test-volume-ansbmjr.ozone1/test_dir_ansbmjr_1/dir1_lapnqcr
recursively.
The operation should be denied but it is being allowed
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
