[
https://issues.apache.org/jira/browse/HDDS-3572?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
mingchao zhao updated HDDS-3572:
--------------------------------
Description:
After our cluster is acl-enabled, the original user cannot continue to access
his or her key. Because the acl of the old key (created by s3g) has been set to
start the user for s3g.
For access all the keys, we need to increase the user's access to all the keys.
Usually there are a lot of keys in a cluster, so it's very difficult to add
permissions to all keys.
For now, we're trying to use Administrators, but I found that the current ozone
Administrators cannot access all keys. Administrators of ozone are also checked
for permissions. In HDFS, dfs.cluster.administrators can able to access all
files.
was:
After our cluster is acl-enabled, the original user cannot continue to access
his or her key. Because the acl of the old key (created by s3g) has been set to
start the user for s3g.
For access all the keys, we need to increase the user's access to all the keys.
Usually there are a lot of keys in a cluster, so it's very difficult to add
permissions to all keys.
For now, we're trying to use Administrators, but I found that the current ozone
Administrators cannot access all keys. Administrators of ozone are also checked
for permissions. In HDFS, Administrators can able to access all files,and HDFS
does not check permissions of Administrators.
> Make sure ozone. administrators have access to all keys when acl enabled.
> --------------------------------------------------------------------------
>
> Key: HDDS-3572
> URL: https://issues.apache.org/jira/browse/HDDS-3572
> Project: Hadoop Distributed Data Store
> Issue Type: Improvement
> Components: om
> Reporter: mingchao zhao
> Priority: Major
> Labels: pull-request-available
>
> After our cluster is acl-enabled, the original user cannot continue to access
> his or her key. Because the acl of the old key (created by s3g) has been set
> to start the user for s3g.
> For access all the keys, we need to increase the user's access to all the
> keys. Usually there are a lot of keys in a cluster, so it's very difficult to
> add permissions to all keys.
> For now, we're trying to use Administrators, but I found that the current
> ozone Administrators cannot access all keys. Administrators of ozone are also
> checked for permissions. In HDFS, dfs.cluster.administrators can able to
> access all files.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
