[
https://issues.apache.org/jira/browse/HDFS-14743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17029332#comment-17029332
]
Arpit Agarwal commented on HDFS-14743:
--------------------------------------
One potential downside of thread-locals is if we forget to save a new
operation, then stale state can be passed to the authorizer plugin. This is
impossible with parameter passing.
> Enhance INodeAttributeProvider/ AccessControlEnforcer Interface in HDFS to
> support Authorization of mkdir, rm, rmdir, copy, move etc...
> ---------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HDFS-14743
> URL: https://issues.apache.org/jira/browse/HDFS-14743
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: hdfs
> Affects Versions: 3.1.0
> Reporter: Ramesh Mani
> Assignee: Wei-Chiu Chuang
> Priority: Critical
> Attachments: HDFS-14743 Enhance INodeAttributeProvider_
> AccessControlEnforcer Interface.pdf
>
>
> Enhance INodeAttributeProvider / AccessControlEnforcer Interface in HDFS to
> support Authorization of mkdir, rm, rmdir, copy, move etc..., this should
> help the implementors of the interface like Apache Ranger's HDFS
> Authorization plugin to authorize and audit those command sets.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
