[jira] [Updated] (HDDS-1900) Remove UpdateBucket handler which supports add/remove Acl

Fri, 02 Aug 2019 16:02:23 -0700 


     [ 
https://issues.apache.org/jira/browse/HDDS-1900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bharat Viswanadham updated HDDS-1900:
-------------------------------------
    Description: 
This Jira is to remove bucket update handler.

To add acl/remove acl we should use ozone sh bucket addacl/ozone sh bucket 
removeacl.

 

Otherwise, when security is enabled, old Bucket update handler, uses 
setBucketProperty and that checks acl acces for WRITE, whereas when add/remove 
Acl we should check access for WRITE_ACL.

 

If we have both ways, even if a USER does not have WRITE_ACL can still 
add/remove Acls on a bucket.

 

This Jira is to clean up the old code.

  was:
This Jira is to remove bucket update handler.

To add acl/remove acl we should use ozone sh bucket addacl/ozone sh bucket 
removeacl.

 

Otherwise, when security is enabled, old Bucket update handler, uses 
setBucketProperty and that checks acl acces for WRITE, whereas when add/remove 
Acl we should check access for WRITE_ACL.

 

This Jira is to clean up the old code.


> Remove UpdateBucket handler which supports add/remove Acl
> ---------------------------------------------------------
>
>                 Key: HDDS-1900
>                 URL: https://issues.apache.org/jira/browse/HDDS-1900
>             Project: Hadoop Distributed Data Store
>          Issue Type: Bug
>            Reporter: Bharat Viswanadham
>            Assignee: Bharat Viswanadham
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> This Jira is to remove bucket update handler.
> To add acl/remove acl we should use ozone sh bucket addacl/ozone sh bucket 
> removeacl.
>  
> Otherwise, when security is enabled, old Bucket update handler, uses 
> setBucketProperty and that checks acl acces for WRITE, whereas when 
> add/remove Acl we should check access for WRITE_ACL.
>  
> If we have both ways, even if a USER does not have WRITE_ACL can still 
> add/remove Acls on a bucket.
>  
> This Jira is to clean up the old code.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to