[
https://issues.apache.org/jira/browse/HDDS-4655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiaoyu Yao updated HDDS-4655:
-----------------------------
Issue Type: Improvement (was: Bug)
> New Native Ozone Authorizer ACL model
> -------------------------------------
>
> Key: HDDS-4655
> URL: https://issues.apache.org/jira/browse/HDDS-4655
> Project: Hadoop Distributed Data Store
> Issue Type: Improvement
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Priority: Major
>
> The current Native Ozone Authorize has several limitations for recursive
> operations
> 1. It does not support efficient recursive ACL set
> Hive uses a recursive ACL set to change the directory(table) ACLs. ONA v1
> does not support this. As a result, this has been translated into recursive
> setAcl call individually, which is quite slow compared with HDFS.
> 2. It does not support efficient recursive ACL check
> This is required for rename/delete operations when the Trash feature is
> enabled on Ozone HCFS: ofs or o3fs.
> This ticket is opened to improve the native ozone authorizer for these
> recursive operations by deprecating per key ACL support. The new model will
> allow default ACLs on volume/bucket/prefix levels.
> Instead of populate ACCESS ACL upon set, the ACCESS ACL will always
> determined at runtime based on the DEFAULT ACLs of itself (if any) or its
> parent.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
