[jira] [Updated] (HDDS-7461) NativeACL: Refine parent context right when CRATE_BUCKET

Hongbing Wang (Jira) Sun, 06 Nov 2022 02:13:06 -0800


     [ 
https://issues.apache.org/jira/browse/HDDS-7461?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Hongbing Wang updated HDDS-7461:
--------------------------------
    Summary: NativeACL: Refine parent context  right when CRATE_BUCKET  (was: 
Change parent context  right WRITE to CREATE when CRATE_BUCKET )

> NativeACL: Refine parent context  right when CRATE_BUCKET
> ---------------------------------------------------------
>
>                 Key: HDDS-7461
>                 URL: https://issues.apache.org/jira/browse/HDDS-7461
>             Project: Apache Ozone
>          Issue Type: Improvement
>            Reporter: Hongbing Wang
>            Priority: Major
>              Labels: pull-request-available
>
> The current Native ACL has the problem of permission enlargement.
> When we grant `user1` WRITE permission to `/vol1/buk1`, the permissions we 
> must grant to `user1` are:
>  * WRITE permission for `vol1`
>  * WRITE permission for `buk1`
> This allows `user1` to create other buckets on `vol1` at will, which is not 
> what we expected.
> It's better to check user1's CREATE permission on vol1 when `user1` wants to 
> create buckets. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (HDDS-7461) NativeACL: Refine parent context right when CRATE_BUCKET

Reply via email to