Ranger / RANGER-2857

Create volume fails for a policy with specific volume/bucket/key names


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not A Bug
    • Affects Version/s: 2.1.0
    • Fix Version/s: None
    • Component/s: plugins
    • Labels: None

    Description

      Test Policy Contents:

      {
          "resources": {
              "volume": {
                  "values": [
                      "volume-ojzj-1",
                      "volume-ojzj-2"
                  ],
                  "isExcludes": false,
                  "isRecursive": false
              },
              "bucket": {
                  "values": [
                      "bucket-jezv-1",
                      "bucket-jezv-2"
                  ],
                  "isExcludes": false,
                  "isRecursive": false
              },
              "key": {
                  "values": [
                      "key-wssb_1",
                      "key-wssb_2"
                  ],
                  "isExcludes": false,
                  "isRecursive": false
              }
          },
          "policyItems": [
              {
                  "accesses": [
                      {
                          "type": "read",
                          "isAllowed": true
                      },
                      {
                          "type": "write",
                          "isAllowed": true
                      },
                      {
                          "type": "create",
                          "isAllowed": true
                      },
                      {
                          "type": "delete",
                          "isAllowed": true
                      }
                  ],
                  "users": [
                      "hrt_qa"
                  ],
                  "groups": [],
                  "roles": [],
                  "conditions": [],
                  "delegateAdmin": false
              }
          ],
          "denyPolicyItems": [],
          "allowExceptions": [],
          "denyExceptions": [],
          "dataMaskPolicyItems": [],
          "rowFilterPolicyItems": [],
          "serviceType": "ozone",
          "options": {},
          "validitySchedules": [],
          "policyLabels": [],
          "zoneName": "",
          "isDenyAllElse": false
      }

       

      Ozone Client Commands:

      $ ozone sh volume create o3://ozone1/volume-ojzj-1
      INFO rpc.RpcClient: Creating Volume: volume-ojzj-1, with hrt_qa as owner.
      PERMISSION_DENIED User hrt_qa doesn't have CREATE permission to access volume
      
      $ ozone sh volume delete o3://ozone1/volume-ojzj-1
      PERMISSION_DENIED User hrt_qa doesn't have DELETE permission to access volume
      

       

      Now in the same test policy, if I select bucket as none or give wildcard [*] for the bucket and key resources, the access is provided to create/delete the volume.


          People

            Assignee: Unassigned
            Reporter: Abhishek Shukla
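The outcome reported above (closed as Not A Bug) is consistent with a request being matched level by level against the policy's volume/bucket/key hierarchy. The following is an added illustration, not part of the issue and not Ranger's plugin code: a simplified model that evaluates the volume-level request against the three policy variants the reporter describes. The function names and the handling of omitted levels are assumptions, and `isExcludes`/`isRecursive` are ignored because they are all false in the policy above.

```python
from fnmatch import fnmatchcase

HIERARCHY = ("volume", "bucket", "key")  # Ozone resource levels used in the policy


def level_matches(policy_values, requested):
    """Match one hierarchy level of a request against the policy's values."""
    if requested is None:
        # The request stops above this level (a volume-only operation):
        # the policy fits only if it omits the level or wildcards it.
        return not policy_values or "*" in policy_values
    # Assumption of this model: a level the policy omits never matches a
    # request that names it.
    return any(fnmatchcase(requested, v) for v in policy_values)


def is_allowed(policy, user, access, resource):
    """True if `policy` alone grants `user` the `access` type on `resource`."""
    for level in HIERARCHY:
        values = policy["resources"].get(level, {}).get("values", [])
        if not level_matches(values, resource.get(level)):
            return False
    return any(
        user in item["users"]
        and any(a["type"] == access and a["isAllowed"] for a in item["accesses"])
        for item in policy["policyItems"]
    )


def make_policy(volume, bucket=None, key=None):
    """Build a trimmed policy in the issue's JSON shape (constructed sample)."""
    resources = {"volume": {"values": volume}}
    if bucket is not None:
        resources["bucket"] = {"values": bucket}
    if key is not None:
        resources["key"] = {"values": key}
    accesses = [{"type": t, "isAllowed": True}
                for t in ("read", "write", "create", "delete")]
    return {"resources": resources,
            "policyItems": [{"users": ["hrt_qa"], "accesses": accesses}]}


VOLUMES = ["volume-ojzj-1", "volume-ojzj-2"]
reported = make_policy(VOLUMES, ["bucket-jezv-1", "bucket-jezv-2"],
                       ["key-wssb_1", "key-wssb_2"])
volume_only = make_policy(VOLUMES)              # "bucket as none"
wildcarded = make_policy(VOLUMES, ["*"], ["*"])  # wildcard bucket and key
create_volume = {"volume": "volume-ojzj-1"}     # resource of `ozone sh volume create`
```

In this model only `volume_only` and `wildcarded` grant `create` on `create_volume`; `reported` grants access only to requests that name a listed bucket and key.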