Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-1796

Add admin access check for write opertaions in SCMClientProtocolServer and SCMBlockProtocolServer

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.4.0
    • 1.4.0
    • SCM

    Description

      SCM side currently doesn't support fine grained user access control. It can only tell if the user behinds a client is a admin or not. So for write operations in SCMClientProtocolServer and SCMBlockProtocolServer, only admins are allowed. For read operations, it doesn't have such check. The goal of the admin check is to prevent authorized user to start resource consuming actions or critical actions on SCM, such as add new scm, decommission scm, delete container, delete block, etc.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. HDDS-9376 Ozone put key failed with SCM superuser privilege error

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. HDDS-9403 Add admin access check for allocateBlock and deleteKeyBlocks

          • Major - Major loss of function.
          • Open
          links to

          Web Link GitHub Pull Request #5203

          Activity

            People

              deveshsingh Devesh Kumar Singh
              msingh Mukul Kumar Singh
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: