Details
- Bug
- Status: Closed
- Major
- Resolution: Not A Bug
- 2.1.0
- None
- None
Description
Test Policy Contents:
{
  "resources": {
    "volume": {
      "values": [ "volume-ojzj-1", "volume-ojzj-2" ],
      "isExcludes": false,
      "isRecursive": false
    },
    "bucket": {
      "values": [ "bucket-jezv-1", "bucket-jezv-2" ],
      "isExcludes": false,
      "isRecursive": false
    },
    "key": {
      "values": [ "key-wssb_1", "key-wssb_2" ],
      "isExcludes": false,
      "isRecursive": false
    }
  },
  "policyItems": [
    {
      "accesses": [
        { "type": "read", "isAllowed": true },
        { "type": "write", "isAllowed": true },
        { "type": "create", "isAllowed": true },
        { "type": "delete", "isAllowed": true }
      ],
      "users": [ "hrt_qa" ],
      "groups": [],
      "roles": [],
      "conditions": [],
      "delegateAdmin": false
    }
  ],
  "denyPolicyItems": [],
  "allowExceptions": [],
  "denyExceptions": [],
  "dataMaskPolicyItems": [],
  "rowFilterPolicyItems": [],
  "serviceType": "ozone",
  "options": {},
  "validitySchedules": [],
  "policyLabels": [],
  "zoneName": "",
  "isDenyAllElse": false
}
Ozone Client Commands:
$ ozone sh volume create o3://ozone1/volume-ojzj-1
INFO rpc.RpcClient: Creating Volume: volume-ojzj-1, with hrt_qa as owner.
PERMISSION_DENIED User hrt_qa doesn't have CREATE permission to access volume
$ ozone sh volume delete o3://ozone1/volume-ojzj-1
PERMISSION_DENIED User hrt_qa doesn't have DELETE permission to access volume
Now in the same test policy, if I select bucket as none or give wildcard [*] for the bucket and key resources, the access is provided to create/delete the volume.
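
The behaviour reported above can be reproduced with a simplified model of per-level resource matching, shown here as an added example that is not part of the original report and is not the policy engine's or Ozone's own code. It assumes that a resource level missing from the request (bucket and key for a volume operation) matches only when the policy leaves that level unset or sets it to `*`; the names `level_matches`, `is_allowed` and `make_policy` are hypothetical.

```python
import fnmatch

LEVELS = ("volume", "bucket", "key")

def level_matches(policy_res, requested):
    """Match one resource level of a policy against the request."""
    values = (policy_res or {}).get("values", [])
    if requested is None:
        # The request stops above this level (e.g. a volume create):
        # assumed to match only an unset level or a "*" wildcard.
        return not values or "*" in values
    if not values:
        # Assumption of this model: a policy that does not define this
        # level does not cover requests that go down to it.
        return False
    hit = any(fnmatch.fnmatchcase(requested, v) for v in values)
    return hit != policy_res.get("isExcludes", False)

def is_allowed(policy, user, access_type, volume, bucket=None, key=None):
    """True if an allow item of the policy grants access_type to user."""
    request = dict(zip(LEVELS, (volume, bucket, key)))
    resources = policy["resources"]
    if not all(level_matches(resources.get(l), request[l]) for l in LEVELS):
        return False
    return any(
        user in item["users"]
        and any(a["type"] == access_type and a["isAllowed"]
                for a in item["accesses"])
        for item in policy["policyItems"]
    )

def make_policy(bucket_values, key_values):
    """Trimmed copy of the test policy with variable bucket/key values."""
    accesses = [{"type": t, "isAllowed": True}
                for t in ("read", "write", "create", "delete")]
    return {
        "resources": {
            "volume": {"values": ["volume-ojzj-1", "volume-ojzj-2"]},
            "bucket": {"values": bucket_values},
            "key": {"values": key_values},
        },
        "policyItems": [{"accesses": accesses, "users": ["hrt_qa"]}],
    }

REPORTED = make_policy(["bucket-jezv-1", "bucket-jezv-2"],
                       ["key-wssb_1", "key-wssb_2"])
WILDCARD = make_policy(["*"], ["*"])
VOLUME_ONLY = make_policy([], [])
```

In this model the reported policy still grants key-level access inside the listed buckets; only requests that stop at the volume level fall outside it.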