[
https://issues.apache.org/jira/browse/HDDS-8864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated HDDS-8864:
---------------------------------
Labels: pull-request-available (was: )
> Remove redundant checkAcls() when caller is volume owner during key or prefix
> access
> ------------------------------------------------------------------------------------
>
> Key: HDDS-8864
> URL: https://issues.apache.org/jira/browse/HDDS-8864
> Project: Apache Ozone
> Issue Type: Task
> Reporter: Siyao Meng
> Assignee: Siyao Meng
> Priority: Major
> Labels: pull-request-available
>
> It is unnecessary to call checkAcls() twice when caller is volume owner in
> {{OzoneAclUtils#checkAllAcls}}.
> Because the reason we had to split that into two calls in HDDS-5903 is
> because Ranger only has one OWNER tag, and that we want OWNER tag on
> bucket/key level policies to be filled in with the *bucket* owner during ACL
> check if the caller is NOT the volume owner.
> In the case where the caller is *volume* owner, this hierarchy is already
> enforced by the authorizer (OzoneNativeAuthorizer or RangerOzoneAuthorizer)
> internally. Thus it is unnecessary.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
