sumitagrawl commented on PR #4439: URL: https://github.com/apache/ozone/pull/4439#issuecomment-1480545634
> Thanks @sumitagrawl for filing this PR. This PR is for a change to the native acls. In the Jira we discussed restricting quota setting and clearing for RANGER to owners and admin. You said that we did not need to make any changes to limit to owner and admin with Ranger. How is that? With RANGER, if a user has a write access policy for the volume / bucket, does the user also have permission to set/clr quotas? We would like to set the policy so that the user has write access but only owners/admin users can alter / set the quotas. Is that what you have in mind for Ranger acls? @neils-dev - Earlier we had problem with Native ACL, where user having permission for key to create/write also need WRITE permission for bucket, and so for Volume. So any user who needs to operate keys can also update bucket and volume quota. This is an issue,. - Ranger ACL do not have this problem, users with operating keys/prefix/files **do not** need have WRITE permission for bucket/volume. So we have restricted only for Native ACL and removed un-necessary permission for bucket and volume for write as updated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
