Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-3402

Use proper acls for sub directories created during CreateDirectory operation

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Blocker
    • Resolution: Unresolved
    • None
    • None
    • Ozone Manager

    Description

      Use proper ACLS for subdirectories created during create directory operation.

      All subdirectories/missing directories should inherit the ACLS from the bucket if ancestors are not present in key table. If present should inherit the ACLS from its ancestor.

      Additionally, keys and dirs directly under a bucket should inherit ACLs from their parent bucket by default. e.g. Ranger allow policy on a bucket should grant access to keys and dirs in it as well (when not explicitly denied by other policies). Currently this is not the case: in Ranger an additional key-level policy has to be added, for example, for clients to create new keys in the bucket, even when there are allow policies on the parent bucket and volume. (LEGACY/OBS buckets doesn't require this extra key-level policy. And this deviation leads to different ACL behavior between FSO and LEGACY/OBS buckets.)

      Attachments

        Issue Links

          Discovered while testing

          Sub-task - The sub-task of the issue HDDS-7496 Make default bucket layout FSO in a backwards compatible way

          • Major - Major loss of function.
          • Resolved
          is related to

          New Feature - A new feature of the product, which has yet to be developed. HDDS-2939 Ozone FS namespace

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              ashishk Ashish Kumar
              bharat Bharat Viswanadham
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated: