Sergey Soldatov created HDDS-15460:
--------------------------------------

             Summary:  Move ACL checks for key and prefix requests to preExecute
                 Key: HDDS-15460
                 URL: https://issues.apache.org/jira/browse/HDDS-15460
             Project: Apache Ozone
          Issue Type: Sub-task
            Reporter: Sergey Soldatov
            Assignee: Sergey Soldatov


  Move ACL authorization checks for key operations (delete-keys, rename-keys) 
and key/prefix ACL operations (addAcl, removeAcl, setAcl, including FSO 
variants) from validateAndUpdateCache to preExecute. This ensures access 
control is enforced before the request enters the Raft log, avoiding 
unauthorized operations being persisted.

  For bulk operations (OMKeysDeleteRequest, OMKeysRenameRequest), keys that 
fail the ACL check are collected in new proto fields (aclDeniedKeys / 
aclDeniedRenameKeys) and stripped from the batch so that the remaining 
permitted keys can still be processed.
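
The bulk-operation behaviour described above, sketched as an added example that is not part of the issue or of the Apache Ozone code base. `PreExecuteAclSketch`, `FilteredBatch`, `preExecute`, `submit` and the sample ACL are hypothetical stand-ins; only the `aclDeniedKeys` name mirrors the field mentioned in the description.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.BiPredicate;

/** Added illustration with hypothetical names; not Apache Ozone classes. */
public class PreExecuteAclSketch {

  /** Result of the pre-execute filter: what is replicated, what was denied. */
  record FilteredBatch(List<String> permittedKeys, List<String> aclDeniedKeys) {}

  /** Stand-in for the replicated log; followers only ever see these entries. */
  static final List<List<String>> replicatedLog = new ArrayList<>();

  /**
   * Runs before the request is submitted for replication.
   * aclCheck stands in for the authorizer: (user, key) -> allowed.
   */
  static FilteredBatch preExecute(String user, List<String> keys,
      BiPredicate<String, String> aclCheck) {
    List<String> permitted = new ArrayList<>();
    List<String> denied = new ArrayList<>();
    for (String key : keys) {
      // Denied keys are recorded and stripped, not allowed to fail the batch.
      (aclCheck.test(user, key) ? permitted : denied).add(key);
    }
    return new FilteredBatch(List.copyOf(permitted), List.copyOf(denied));
  }

  /** Only the already-authorized part of the batch is appended to the log. */
  static void submit(FilteredBatch batch) {
    replicatedLog.add(batch.permittedKeys());
  }

  public static void main(String[] args) {
    // Constructed sample ACL: alice may delete only keys under "logs/".
    BiPredicate<String, String> acl =
        (user, key) -> user.equals("alice") && key.startsWith("logs/");
    List<String> request = List.of("logs/a", "secrets/db", "logs/b");

    FilteredBatch batch = preExecute("alice", request, acl);
    submit(batch);

    System.out.println("appended to log: " + replicatedLog);
    System.out.println("aclDeniedKeys:   " + batch.aclDeniedKeys());
  }
}
```

The denied key never appears in `replicatedLog`, which is the property the move to preExecute is after: replaying the log cannot apply an operation the caller was not authorized for.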


