[
https://issues.apache.org/jira/browse/HDDS-3572?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
mingchao zhao updated HDDS-3572:
--------------------------------
Description:
After our cluster is acl-enabled, the original user cannot continue to access
his or her key. Because the acl of the old key (created by s3g) has been set to
start the user for s3g.
For access all the keys, we need to increase the user's access to all the keys.
Usually there are a lot of keys in a cluster, so it's very difficult to add
permissions to all keys.
For now, we're trying to use Administrators, but I found that the current ozone
Administrators cannot access all keys. Administrators of ozone are also checked
for permissions. In HDFS, Administrators can able to access all files,and HDFS
does not check permissions of Administrators.
was:
In some cases, a particular user need to access all the keys.
When acl enabled, if there is a user needed access all the keys. We need to
increase the user's access to all the keys. Usually there are a lot of keys in
a cluster, so it's very difficult to add permissions to all keys. So a
whitelist needed. Users in this list will not be checked for permissions.
I found that the current ozone Administrators cannot access all keys.
Administrators of ozone are also checked for permissions. In HDFS,
Administrators can able to access all files,and HDFS does not check permissions
of Administrators.
> Make sure ozone. administrators have access to all keys when acl enabled.
> --------------------------------------------------------------------------
>
> Key: HDDS-3572
> URL: https://issues.apache.org/jira/browse/HDDS-3572
> Project: Hadoop Distributed Data Store
> Issue Type: Improvement
> Components: om
> Reporter: mingchao zhao
> Priority: Major
> Labels: pull-request-available
>
> After our cluster is acl-enabled, the original user cannot continue to access
> his or her key. Because the acl of the old key (created by s3g) has been set
> to start the user for s3g.
> For access all the keys, we need to increase the user's access to all the
> keys. Usually there are a lot of keys in a cluster, so it's very difficult to
> add permissions to all keys.
> For now, we're trying to use Administrators, but I found that the current
> ozone Administrators cannot access all keys. Administrators of ozone are also
> checked for permissions. In HDFS, Administrators can able to access all
> files,and HDFS does not check permissions of Administrators.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
