aswinshakil commented on code in PR #310: URL: https://github.com/apache/ozone-site/pull/310#discussion_r2748265604
########## docs/03-core-concepts/04-security/02-acls/01-native-acls.md: ########## @@ -175,3 +175,54 @@ Ozone ACLs and S3 ACLs differ primarily in their scope and support. - Similarly, HttpFS ACL-related APIs. These limitations should be taken into account when integrating Ozone with applications that rely on S3 or file system ACL operations. + +## Permission comparison table + +The table below shows the mapping between Ozone operations and the required Native ACL permissions. + +`<admin>`: for native ACL, all access is granted for all operations + +`<owner>`: for native ACL, owner of volume / bucket have all access to further hierarchy + +### Volume related operation + +| `Operation` | `Volume permission` | `Bucket permission` | `Key permission` | +|--------------------------|---------------------|---------------------|------------------| +| `Create volume` | `<admin>` | | | +| `List volume` | `<admin>, <configuration: listall>` | | | +| `Get volume info` | `READ, <admin>, <owner>` | | | +| `Delete volume` | `DELETE, <admin>, <owner>` | | | +| `Set Quota` | `WRITE, <admin>, <owner>` | | | +| `Set Owner` | `WRITE_ACL, <admin>, <owner>` | | | +| `Create Tenant (and volume)` | `CREATE, <admin>, <owner>` | | | +| `Delete Tenant` | `WRITE_ACL, <admin>, <owner>` | | | +| `Read ACL` | `READ_ACL, <admin>, <owner>` | | | +| `Write ACL` | `WRITE_ACL, <admin>, <owner>` | | | + +### Bucket related operation + +| `Operation` | `Volume permission` | `Bucket permission` | `Key permission` | Review Comment: Same here for `Key permission` it's empty. ########## docs/03-core-concepts/04-security/02-acls/01-native-acls.md: ########## 
@@ -175,3 +175,54 @@ Ozone ACLs and S3 ACLs differ primarily in their scope and support. - Similarly, HttpFS ACL-related APIs. These limitations should be taken into account when integrating Ozone with applications that rely on S3 or file system ACL operations. + +## Permission comparison table + +The table below shows the mapping between Ozone operations and the required Native ACL permissions. + +`<admin>`: for native ACL, all access is granted for all operations + +`<owner>`: for native ACL, owner of volume / bucket have all access to further hierarchy + +### Volume related operation + +| `Operation` | `Volume permission` | `Bucket permission` | `Key permission` | Review Comment: We can remove the `Bucket permission` and `Key permission` here as it's empty.
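Review bot: In the volume table rows of the first quoted hunk, `Create Tenant (and volume)` lists `CREATE, <admin>, <owner>` as the volume permission while `Create volume` is `<admin>` only. If the volume is created by this operation, there is no existing volume ACL or owner to check, so the row should say which object `CREATE` and `<owner>` are evaluated against; as written it reads as a non-admin path to creating a volume. The `List volume` row also uses `<configuration: listall>`, which the legend above the table does not define; add a legend line for it next to `<admin>` and `<owner>`.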
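Review bot: In the legend lines of the second quoted hunk, `<owner>` is defined as having all access "to further hierarchy", which leaves open whether the owner's implicit access covers the volume or bucket itself or only the objects beneath it. State the scope explicitly, because readers will use this legend to decide who can delete or change ACLs on a volume without an explicit grant. In the same lines, "owner of volume / bucket have" should be "has", and the heading `Volume related operation` reads better as "Volume-related operations".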
