Details
- Type: Improvement
- Status: Resolved
- Priority: Major
- Resolution: Implemented
Description
The current Native ACL has the problem of permission enlargement.
When we grant `user1` WRITE permission to `/vol1/buk1`, the permissions we must grant to `user1` are:
- WRITE permission for `vol1`
- WRITE permission for `buk1`
This allows `user1` to create other buckets on `vol1` at will, which is not what we expected.
It's better to check `user1`'s CREATE permission on `vol1` when `user1` wants to create buckets.
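The difference between the two checks, as an added example that is not part of the original issue and is not Apache Ozone code. It is a simplified model: the `AclStore` class, the function names, the `check_create` switch and the `creator` user are all hypothetical.

```python
# Simplified model of the ACL checks described in this issue; not Apache Ozone code.
from enum import Enum, auto


class Right(Enum):
    WRITE = auto()
    CREATE = auto()


class AclStore:
    """Maps (user, object path) to the set of rights granted on that object."""

    def __init__(self):
        self._grants = {}

    def grant(self, user, path, *rights):
        self._grants.setdefault((user, path), set()).update(rights)

    def has(self, user, path, right):
        return right in self._grants.get((user, path), set())


def can_write_bucket(acls, user, volume, bucket):
    # As the description states: WRITE on the volume and WRITE on the bucket.
    return (acls.has(user, volume, Right.WRITE)
            and acls.has(user, f"{volume}/{bucket}", Right.WRITE))


def can_create_bucket(acls, user, volume, check_create):
    # check_create=False: behaviour reported in the issue (volume WRITE suffices).
    # check_create=True: proposed check (volume CREATE is required).
    needed = Right.CREATE if check_create else Right.WRITE
    return acls.has(user, volume, needed)


def demo():
    acls = AclStore()
    # Constructed grants: what user1 needs in order to write to /vol1/buk1.
    acls.grant("user1", "vol1", Right.WRITE)
    acls.grant("user1", "vol1/buk1", Right.WRITE)
    # Hypothetical second user who is meant to create buckets.
    acls.grant("creator", "vol1", Right.CREATE)
    return {
        "user1_writes_buk1": can_write_bucket(acls, "user1", "vol1", "buk1"),
        "user1_creates_before": can_create_bucket(acls, "user1", "vol1", False),
        "user1_creates_after": can_create_bucket(acls, "user1", "vol1", True),
        "creator_creates_after": can_create_bucket(acls, "creator", "vol1", True),
    }
```

With the CREATE check in place, `user1` keeps write access to `buk1` but can no longer add buckets to `vol1`.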
Issue Links
- relates to HDDS-7697 Restrict change of bucket properties to owner and admins in NativeACL (Resolved)