[
https://issues.apache.org/jira/browse/HDFS-12147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16091335#comment-16091335
]
Weiwei Yang edited comment on HDFS-12147 at 7/18/17 9:26 AM:
-------------------------------------------------------------
Hi [~nandakumar131]
Thank you. But even we want to expose them to clients, the API arguments still
look odd to me. How would a client to compose an OzoneAcl in the request when
it wants to check a certain access? Semantically we often check against an
{{User Identity}} and an {{operation}} (e.g read/write/delete). Use this patch,
does it work like following?
Suppose a bucket has following ACL
{noformat}
user:bilbo:rw
user:john:r
user:mike:w
{noformat}
and a client pass an OzoneAcl like following
{{user:mike:w}}
this means I want to check if user mike has the write permission to the bucket?
And this case it has the access.
What if the bucket ACL is like following
{noformat}
user:bilbo:rw
user:john:r
group:hadoop:w
{noformat}
and mike belongs to hadoop group, when I verify {{user:mike:w}}, will it give
me an access control exception?
Forgive me I just want to understand how this works.
Thanks a lot.
was (Author: cheersyang):
Hi [~nandakumar131]
Thank you. But even we want to expose them to clients, the API arguments still
look odd to me. How would a client to compose an OzoneAcl in the request when
it wants to check a certain access? Semantically we often check against an
{{User Identity}} and an {{operation}} (e.g read/write/delete). Use this patch,
does it work like following?
Suppose a bucket has following ACL
{noformat}
user:bilbo:rw
user:john:r
user:mike:w
{noformat}
and a client pass an OzoneAcl like following
{{user:mike:w}}
this means I want to check if user mike has the write permission to the bucket?
And this case it has the access.
What if the bucket ACL is like following
{noformat}
user:bilbo:rw
user:john:r
group:hadoop:w
{noformat}
and mike belongs to hadoop group, when I verify {{user:mike:w}}, will it give
me an access control exception?
> Ozone: KSM: Add checkBucketAccess
> ---------------------------------
>
> Key: HDFS-12147
> URL: https://issues.apache.org/jira/browse/HDFS-12147
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: ozone
> Reporter: Nandakumar
> Assignee: Nandakumar
> Attachments: HDFS-12147-HDFS-7240.000.patch,
> HDFS-12147-HDFS-7240.001.patch
>
>
> Checks if the caller has access to a given bucket.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
