Gargi-jais11 commented on code in PR #289: URL: https://github.com/apache/ozone-site/pull/289#discussion_r2767476990
########## docs/03-core-concepts/03-namespace/01-volumes/02-owners.md: ########## @@ -4,4 +4,152 @@ sidebar_label: Owners # Volume Owners -**TODO:** File a subtask under [HDDS-9857](https://issues.apache.org/jira/browse/HDDS-9857) and complete this page or section. +## 1. Overview + +Every volume in Ozone has an **owner** property that identifies the user who owns the volume. The volume owner is a fundamental concept in Ozone's access control and resource management system. It plays a crucial role in determining permissions, storage accounting, and multi-tenant isolation. + +While volumes also have an `admin` field in their metadata structure, this field is stored but not functionally used by Ozone Manager for authorization or access control purposes. + +## 2. Setting the Volume Owner + +### During Volume Creation + +When creating a volume, the owner can be explicitly specified using the `--user` command-line option: + +```bash +ozone sh volume create /myvolume --user alice +``` + +If the owner is not specified during creation, Ozone automatically sets the owner to the current user creating the volume: Review Comment: I think the current wording is ambiguous. > current user is the linux user under which ozone manager is started, right? No. It’s the authenticated user identity of the CLI user. The CLI uses `UserGroupInformation.getCurrentUser().getShortUserName()` to determine the owner. > Do CLI generate owner name implicitly from linux user where CLI is triggered? It depends on the security mode: **Non-secure mode:** Yes, typically the Linux user running the CLI command. (e.g., if running as root, owner is root) **Secure mode:** No, it uses the Kerberos principal (or short name) of the authenticated user. (e.g., if authenticated as om@REALM, owner is om) I will update the doc to clarify this. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
