[
https://issues.apache.org/jira/browse/HDFS-8112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14530515#comment-14530515
]
Rakesh R commented on HDFS-8112:
--------------------------------
Thank you [~zhangyongxyz] for the comments and bringing up the use case.
IIUC you are saying ErasureCoding APIs can check user permission against the
ACLs of the FSDirectory. Also, we can define the File system actions(r, w, etc)
as per EC operations. When raising this jira [~drankye]'s idea is to enforce
protection policy at the protocol layer [Hadoop Service Level
Authorization|https://hadoop.apache.org/docs/r2.7.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html]
which ensures only privileged users/admins to be able to perform the
operations. Initially we thought all DFS commands for EC should be in client
protocol for this discussion. But on a second thought, there may come new APIs
in other protocol as well. So we have decided to take up this jira later(could
leave for other issues or discussions) and is the reason I didn't give much
focus on this jira. I could see today you have raised HDFS-8333 to discuss the
Create EC zone API user privileges. Probably we could listen the thoughts from
others and take up this task accordingly.
> Enforce authorization policy to protect administration operations for EC zone
> and schemas
> -----------------------------------------------------------------------------------------
>
> Key: HDFS-8112
> URL: https://issues.apache.org/jira/browse/HDFS-8112
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Reporter: Kai Zheng
> Assignee: Rakesh R
>
> We should allow to enforce authorization policy to protect administration
> operations for EC zone and schemas as such behaviors would impact too much
> for a system.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
