[jira] [Assigned] (RANGER-4817) Optimize Ranger HDFS Authorization by combining multiple authorization calls

Tue, 11 Jun 2024 11:49:04 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-4817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni reassigned RANGER-4817:
--------------------------------------

    Assignee: Abhay Kulkarni

> Optimize Ranger HDFS Authorization by combining multiple authorization calls
> ----------------------------------------------------------------------------
>
>                 Key: RANGER-4817
>                 URL: https://issues.apache.org/jira/browse/RANGER-4817
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>            Reporter: Abhay Kulkarni
>            Assignee: Abhay Kulkarni
>            Priority: Major
>
> The focus of optimizations described below is to minimize the number of times 
> the Ranger policy-engine is called to authorize a NameNode RPC without 
> modifying the Namenode authorization interface or authorization call sequence.
> This optimization is possible as the Namenode calls the authorizer more than 
> once to authorize some RPCs, as observed during the testing. To ensure that 
> the authorizer is provided a consistent context to represent a RPC, some 
> improvements are needed in the Namenode. Related Namenode JIRAs are
> {*}HDFS-17478{*}: Avoid creation of AccessControlEnforcer object for every 
> call to the authorizer, and
> {*}HDFS-17500{*}: Provide operation name consistently in the caller-context 
> provided to checkPermissionWithContext() API.
> Ranger authorizer is updated to leverage this context to optimize 
> authorization calls for the RPC. In particular, the following RPC operations' 
> authorization logic is updated.
>  
> List of operations with optimized authorization checks.
>  # Create file: operation name “create” 
>  # Rename file: operation name “rename”
>  # Delete file: operation name “delete”
>  # Create directory: operation name “mkdirs”
>  # List directory contents: operation name “listStatus”
>  # Rename directory: operation name “rename”
>  # Delete directory: operation name “delete”
>  # Get Encryption Zone for a directory: operation name “getEZForPath”



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to