Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
If a cluster admin or tenant admin wants the bucket owner (who is a regular tenant user without superuser privileges) to be able to edit their own bucket's policy, an admin needs to manually create a new Ozone policy in Ranger for that bucket, explicitly granting the bucket owner ALL permission on the bucket and making the bucket owner a "delegated admin" for that policy. (Note: the flexible OWNER tag cannot be used in this policy.)
With this new policy, as long as the bucket owner can log in to the Ranger Web UI, he/she could edit this bucket policy on his own, for example, to share the bucket with others without an admin's manual intervention.
We are not providing a dedicated multi-tenancy CLI for that.
CC ppogde
Attachments
Issue Links
- links to