[
https://issues.apache.org/jira/browse/HDDS-3402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siyao Meng updated HDDS-3402:
-----------------------------
Description:
Use proper ACLS for subdirectories created during create directory operation.
All subdirectories/missing directories should inherit the ACLS from the bucket
if ancestors are not present in key table. If present should inherit the ACLS
from its ancestor.
Additionally, keys and dirs directly under a bucket should inherit ACLs from
their parent bucket by default. e.g. Ranger allow policy on a *bucket* should
grant access to keys and dirs in it as well (when not explicitly denied by
other policies). Currently this is not the case: in Ranger an additional
key-level policy has to be added, for example, for clients to create new *keys*
in the bucket, even when there are allow policies on the parent bucket and
volume.
was:
Use proper ACLS for subdirectories created during create directory operation.
All subdirectories/missing directories should inherit the ACLS from the bucket
if ancestors are not present in key table. If present should inherit the ACLS
from its ancestor.
Additionally, keys and dirs directly under a bucket should inherit ACLs from
their parent bucket by default. e.g. Ranger allow policy on a *bucket* should
grant access to keys and dirs in it as well (when not explicitly denied by
another policy). Currently this is not the case: in Ranger an additional
key-level policy has to be added, for example, for clients to create new *keys*
in the bucket, even when there are allow policies on the parent bucket and
volume.
> Use proper acls for sub directories created during CreateDirectory operation
> ----------------------------------------------------------------------------
>
> Key: HDDS-3402
> URL: https://issues.apache.org/jira/browse/HDDS-3402
> Project: Apache Ozone
> Issue Type: Bug
> Components: Ozone Manager
> Reporter: Bharat Viswanadham
> Assignee: Ashish Kumar
> Priority: Blocker
> Labels: TriagePending
>
> Use proper ACLS for subdirectories created during create directory operation.
> All subdirectories/missing directories should inherit the ACLS from the
> bucket if ancestors are not present in key table. If present should inherit
> the ACLS from its ancestor.
> Additionally, keys and dirs directly under a bucket should inherit ACLs from
> their parent bucket by default. e.g. Ranger allow policy on a *bucket* should
> grant access to keys and dirs in it as well (when not explicitly denied by
> other policies). Currently this is not the case: in Ranger an additional
> key-level policy has to be added, for example, for clients to create new
> *keys* in the bucket, even when there are allow policies on the parent bucket
> and volume.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
