[
https://issues.apache.org/jira/browse/HDDS-8021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17736232#comment-17736232
]
Prashant Pogde commented on HDDS-8021:
--------------------------------------
Resolving this with the current behavior for Snapshot ACLs as described above.
> [Snapshot] Document snapshot access ACL behavior
> ------------------------------------------------
>
> Key: HDDS-8021
> URL: https://issues.apache.org/jira/browse/HDDS-8021
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: Siyao Meng
> Priority: Major
>
> (Current design, not final unless resolved)
> For OzoneNativeAuthorizer, Ozone directly checks against the native ACL
> inside the snapshot checkpoint DB. This implies the captured native ACL is
> immutable because currently Ozone supports read-only snapshots only.
> For RangerOzoneAuthorizer, Ozone first checks against the path inside the
> snapshot. If the explicit policy on the snapshot path doesn't exist, Ozone
> Manager checks access against the policy on the regular path instead.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
