hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weiwei Yang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-12147) Ozone: KSM: Add checkBucketAccess
Date Tue, 18 Jul 2017 09:27:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-12147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16091335#comment-16091335

Weiwei Yang commented on HDFS-12147:

Hi [~nandakumar131]

Thank you. But even we want to expose them to clients, the API arguments still look odd to
me. How would a client to compose an OzoneAcl in the request when it wants to check a certain
access? Semantically we often check against an {{User Identity}} and an {{operation}} (e.g
read/write/delete). Use this patch, does it work like following?

Suppose a bucket has following ACL


and a client pass an OzoneAcl like following


this means I want to check if user mike has the write permission to the bucket? And this case
it has the access.

What if the bucket ACL is like following


and mike belongs to hadoop group, when I verify {{user:mike:w}}, will it give me an access
control exception?

> Ozone: KSM: Add checkBucketAccess
> ---------------------------------
>                 Key: HDFS-12147
>                 URL: https://issues.apache.org/jira/browse/HDFS-12147
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: ozone
>            Reporter: Nandakumar
>            Assignee: Nandakumar
>         Attachments: HDFS-12147-HDFS-7240.000.patch, HDFS-12147-HDFS-7240.001.patch
> Checks if the caller has access to a given bucket.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

View raw message