[ 
https://issues.apache.org/jira/browse/HDDS-4944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17306435#comment-17306435
 ] 

Prashant Pogde commented on HDDS-4944:
--------------------------------------

Thank you [~elek] for going through the documents. Please find the comments 
inline:
 # I will add more text in the doc. I thought a picture would convey a thousand 
words :) 
 # No, Ozone will not implement group/roles in OM. Users need not exist in 
Apache Ranger. User/groups/roles in Apache Ranger are just abstract entities 
that exist in the Ranger policies. If a policy refers to user/groups, Ranger 
would assume they exist. Ranger only does authorization and not authentication. 
Authentication is left to Ozone. Ozone is responsible for sending information 
as to who (user/groups) is accessing the resource and then asking Ranger whether 
this request is authorized or not.
 # This is Multi-Tenant management in Ozone. Once we have multi-tenancy, we do 
need to classify users as belonging to one or the other tenant. So 
users-to-tenant assignment and some management of users would be an integral 
part of it.
 # The current proposal is for managing S3 users with Multi-Tenancy because 
S3 users are completely internally managed by Ozone. It leaves the door open for 
any other non-Kerberos user management in the future.
 # Yes, I will add a section for this in the attached document.

> Multi-Tenant Support in Ozone
> -----------------------------
>
>                 Key: HDDS-4944
>                 URL: https://issues.apache.org/jira/browse/HDDS-4944
>             Project: Apache Ozone
>          Issue Type: New Feature
>          Components: Ozone CLI, Ozone Datanode, Ozone Manager, Ozone Recon, 
> S3, SCM, Security
>    Affects Versions: 1.2.0
>            Reporter: Prashant Pogde
>            Assignee: Prashant Pogde
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: Apache-S3-compatible-Multi-Tenant-Ozone-short.pdf.gz, 
> Ozone, Multi-tenancy, S3, Kerberos....pdf, UseCaseAWSCompatibility.pdf, 
> UseCaseCephCompatibility.pdf, UseCaseConfigureMultiTenancy.png, 
> UseCaseCurrentOzoneS3BackwardCompatibility.pdf, VariousActorsInteractions.png
>
>
> This Jira will be used to track a new feature for Multi-Tenant support in 
> Ozone. Initially, the Multi-Tenant feature would be limited to ozone-users 
> accessing Ozone over the S3 interface.


