[
https://issues.apache.org/jira/browse/HDFS-8333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14979473#comment-14979473
]
Andrew Wang commented on HDFS-8333:
-----------------------------------
Regarding createEncryptionZone, we kept it superuser-only since a new zone
typically requires creating a new key, and creating a new key normally requires
admin-level permissions. Plus admins will want to lock down what keys are in
use on the cluster, so there's another security angle there too.
Nicholas is right that we can always relax the permissions later, so that's the
most conservative choice. However, I see EC as like setting the replication
factor. I think we should let users use their disk quota however they want, be
it replication or EC. I'm also still hoping for a unification of EC with the
StoragePolicy APIs too, which are not admin-only. We had a long discussion
about this on HDFS-8833, but I don't think any progress has been made towards
it yet.
> Create EC zone should not need superuser privilege
> --------------------------------------------------
>
> Key: HDFS-8333
> URL: https://issues.apache.org/jira/browse/HDFS-8333
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Reporter: Yong Zhang
> Assignee: Yong Zhang
> Attachments: HDFS-8333-HDFS-7285.000.patch
>
>
> create EC zone should not need superuser privilege, for example, in multiple
> tenant scenario, common users only manage their own directory and
> subdirectory.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
