[HDFS-14743] Enhance INodeAttributeProvider/ AccessControlEnforcer Interface in HDFS to support Authorization of mkdir, rm, rmdir, copy, move etc... - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.1.0
Fix Version/s: 3.3.0
Component/s: hdfs
Labels:
None

Release Note:
A new INodeAttributeProvider API checkPermissionWithContext(AuthorizationContext) is added. Authorization provider implementations may implement this API to get additional context (operation name and caller context) of an authorization request.

Description

Enhance INodeAttributeProvider / AccessControlEnforcer Interface in HDFS to support Authorization of mkdir, rm, rmdir, copy, move etc..., this should help the implementors of the interface like Apache Ranger's HDFS Authorization plugin to authorize and audit those command sets.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-14743 Enhance INodeAttributeProvider_ AccessControlEnforcer Interface.pdf
11/Dec/19 22:01
68 kB
Wei-Chiu Chuang

Issue Links

breaks

HDFS-15269 NameNode should check the authorization API version only once during initialization

Resolved

is related to

HDFS-15234 Add a default method body for the INodeAttributeProvider#checkPermissionWithContext API

Resolved

links to

GitHub Pull Request #1829

Activity

People

Assignee:: Wei-Chiu Chuang

Reporter:: Ramesh Mani

Votes:: 0 Vote for this issue

Watchers:: 13 Start watching this issue

Dates

Created:: 16/Aug/19 18:52

Updated:: 08/Apr/20 12:59

Resolved:: 14/Mar/20 01:52