xichen01 commented on PR #7455: URL: https://github.com/apache/ozone/pull/7455#issuecomment-2491621325
Some suggestions for this feature. - Should we implement this on the server side too? In some scenarios, to update client side code is hard. To implement filter out the group ACL on the server side can easier to process some scenarios. - Maybe we also need to disable the key inherit ACL, including the group ACL from the parent Object (Bucket, Prefix), which may also have a lot of group ACLs. - If we disable the inheriting form Object ACL, then we need to implement to grant the user permissions on the key via bucket and/or prefix. thus we can control the key permissions on the bucket and prefix. But this should need a new Ozone Authorization Model implementation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
