captainzmc edited a comment on pull request #918:
URL: https://github.com/apache/hadoop-ozone/pull/918#issuecomment-628387987
> Ozone supports Ranger Authorizer for ACLs and whitelisting users to access
all keys can easily be achieved by creating a Ranger policy or adding users to
an existing Ranger policy. For Ozone native authorizer, we already have
ozone.administrators who should be able to access all keys. I don't understand
the need for this new white list.
>
> @xiaoyuyao Please correct me if I am wrong.
Hi @vivekratnavel, Very thanks for your discussion. Your tips are very
helpful for me.
Currently, ranger is not enabled in our cluster, we use native acl.
Ozone Administrators might overlap with this whitelist. Instead of adding a
white list, we can improve the functionality of Ozone Administrators.
After testing, I found that the current ozone Administrators cannot
access all keys. Administrators of ozone are also checked for permissions. Is
this a bug? In HDFS, Administrators can able to access all files,and HDFS does
not check permissions of Administrators.
I can change this PR to make sure Administrators can access all keys.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
