Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.1.2
-
None
Description
PROBLEM: In the files view Ambari only seems to be looking at user, group, mode which comes back from a GETSTATUS call and making the access decision based on that in the client.
Doing it this way completely ignores alternate authorization mechanisms like HDFS ACLs and Ranger. Particularly with HDFS' new pluggable interface for authorization in Hadoop 2.7 this problem could get worse down the road.
Ambari needs to deal with this in a uniform way so the user gets all of the access coming to them.
BUSINESS IMPACT: Ambari files view is potentially useless to customers who have built an authorization model on anything other than user/group/mode, such as Ranger or HDFS ACLs
EXPECTED RESULTS: The user should see no difference in their privilege level between Ambari Files View and FSShell.
ACTUAL RESULTS: Only user/group/mode are considered in files view
Attachments
Attachments
Issue Links
- links to