Siyao Meng created HDDS-8864:
--------------------------------
Summary: Remove redundant checkAcls() call when caller is volume
owner during key or prefix access
Key: HDDS-8864
URL: https://issues.apache.org/jira/browse/HDDS-8864
Project: Apache Ozone
Issue Type: Task
Reporter: Siyao Meng
Assignee: Siyao Meng
It is unnecessary to call checkAcls() twice when caller is volume owner in
{{OzoneAclUtils#checkAllAcls}}.
Because the reason we had to split that into two calls in HDDS-5903 is because
Ranger only has one {OWNER} tag, and that we want {OWNER} tag on bucket/key
level policies to be filled in with the *bucket* owner during ACL check if the
caller is NOT volume owner.
In the case where the caller is *volume* owner, this hierarchy is already
enforced by the authorizer (OzoneNativeAuthorizer or RangerOzoneAuthorizer)
internally. Thus it is unnecessary.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
