Ambari / AMBARI-14228

Ambari Files View ignores alternate HDFS authorization mechanisms

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.2
    • Fix Version/s: 2.2.0
    • Component/s: ambari-views
    • Labels: None

    Description

      PROBLEM: In the Files View, Ambari only seems to be looking at the user, group and mode that come back from a GETSTATUS call, and making the access decision based on that in the client.
      Doing it this way completely ignores alternate authorization mechanisms like HDFS ACLs and Ranger. Particularly with HDFS's new pluggable interface for authorization in Hadoop 2.7, this problem could get worse down the road.
      Ambari needs to deal with this in a uniform way so the user gets all of the access coming to them.
      BUSINESS IMPACT: Ambari Files View is potentially useless to customers who have built an authorization model on anything other than user/group/mode, such as Ranger or HDFS ACLs.
      EXPECTED RESULTS: The user should see no difference in their privilege level between Ambari Files View and FSShell.
      ACTUAL RESULTS: Only user/group/mode are considered in Files View.
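
An added example, not taken from the issue or its patch: a JavaScript sketch of the mismatch described above, comparing a check that uses only owner, group and mode with the HDFS ACL evaluation order. The file status, ACL entries, user names and function names are constructed for illustration.

```javascript
// Constructed sample data, shaped like WebHDFS FileStatus / AclStatus JSON.
// When an ACL is present, the middle mode digit holds the ACL mask.
const status = { owner: 'hdfs', group: 'hadoop', permission: '750' };
const aclEntries = ['user:alice:r-x', 'group::r-x', 'group:analysts:r--'];

const BIT = { r: 4, w: 2, x: 1 };
const parseRwx = (s) => [...s].reduce((n, c) => n | (BIT[c] || 0), 0);
const modeDigits = (st) => [...st.permission.slice(-3)].map(Number);

// The client-side decision the issue describes: owner, group and mode only.
function modeOnlyAllows(st, user, groups, action) {
  const [u, g, o] = modeDigits(st);
  const bits = user === st.owner ? u : groups.includes(st.group) ? g : o;
  return (bits & BIT[action]) !== 0;
}

// HDFS ACL evaluation order: owner, named user, groups (masked), then other.
function aclAllows(st, entries, user, groups, action) {
  const [u, mask, o] = modeDigits(st);
  const want = BIT[action];
  if (user === st.owner) return (u & want) !== 0;
  const parsed = entries
    .map((e) => e.split(':'))
    .map(([type, name, rwx]) => ({ type, name, bits: parseRwx(rwx) }));
  const named = parsed.find((e) => e.type === 'user' && e.name === user);
  if (named) return (named.bits & mask & want) !== 0;
  // An empty name ("group::") is the owning group's entry.
  const mine = parsed.filter((e) => e.type === 'group' &&
    groups.includes(e.name === '' ? st.group : e.name));
  if (mine.length) return mine.some((e) => (e.bits & mask & want) !== 0);
  return (o & want) !== 0;
}

// Run both decisions for the same (hypothetical) user and action.
function compare(user, groups, action) {
  return {
    modeOnly: modeOnlyAllows(status, user, groups, action),
    withAcl: aclAllows(status, aclEntries, user, groups, action),
  };
}

console.log('alice read:', compare('alice', ['staff'], 'r'));
console.log('bob (analysts) read:', compare('bob', ['analysts'], 'r'));
```

Ranger policies are not carried in either response, so no client-side computation of this kind can reproduce them.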

      Attachments

        1. AMBARI-14228_branch-2.1.patch
          21 kB
          DIPAYAN BHOWMICK

            People

              Assignee: dipayanb DIPAYAN BHOWMICK
              Reporter: dipayanb DIPAYAN BHOWMICK