[RANGER-2933] [Ranger Ozone Plugin] $USER Placeholder is not honoured in KEY resource path, Policy User Items - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Not A Bug
Affects Version/s: 2.1.0
Fix Version/s: None
Component/s: plugins
Labels:
- ranger

Description

Observed that $USER placeholder is not enforced while using it in either in KEY value or User's value in Policy Item.

Test Policy:

1. Resources: 
   volume - test-volume
   bucket - test-bucket
   key - user/$USER, user/$USER/*

2. Policy Item:
   User: $USER
   Permissions: All

Expected Result:

Any user should be able to create user home directory

Actual Result:

The user is denied permission to create key.

[root@quasar-tyedwn-1 keytabs]# ozone fs -mkdir -p o3fs://test-bucket.test-volume.ozone1/user/hrt_1 
mkdir: User hrt_1@AD.HALXG.CLOUDERA.COM doesn't have CREATE permission to access key

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

$USER_Policy.png
29/Jul/20 16:20
474 kB
Abhishek Shukla
User_Policy_Audit.png
29/Jul/20 16:20
162 kB
Abhishek Shukla

Activity

People

Assignee:: Unassigned

Reporter:: Abhishek Shukla

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Jul/20 16:20

Updated:: 27/Apr/21 08:47

Resolved:: 30/Jul/20 03:54