ChenSammi commented on PR #7455: URL: https://github.com/apache/ozone/pull/7455#issuecomment-2492921460
> Some suggestions for this feature. > > * Should we implement this on the server side too? In some scenarios, to update client side code is hard. To implement filter out the group ACL on the server side can easier to process some scenarios. > > * Maybe we also need to disable the key inherit ACL, including the group ACL from the parent Object (Bucket, Prefix), which may also have a lot of group ACLs. > > * If we disable the inheriting form Object ACL, then we need to implement to grant the user permissions on the key via bucket and/or prefix. thus we can control the key permissions on the bucket and prefix. But this should need a new Ozone Authorization Model implementation. It's a good point to move it to server side. The default ACLs of volume/bucket/keys are all ACCESS type, which will be not inherited. So we don't need to worry about that. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
