You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Siyao Meng (Jira)" <ji...@apache.org> on 2023/02/23 22:28:00 UTC

[jira] [Created] (HDDS-8021) [Snapshot] Document snapshot access ACL behavior

Siyao Meng created HDDS-8021:
--------------------------------

             Summary: [Snapshot] Document snapshot access ACL behavior
                 Key: HDDS-8021
                 URL: https://issues.apache.org/jira/browse/HDDS-8021
             Project: Apache Ozone
          Issue Type: Sub-task
            Reporter: Siyao Meng


(Current design, not final unless resolved)

For OzoneNativeAuthorizer, Ozone directly checks against the native ACL inside the snapshot checkpoint DB. This implies the captured native ACL is immutable because currently Ozone supports read-only snapshots only.

For RangerOzoneAuthorizer, Ozone first checks against the path inside the snapshot. If the explicit policy on the snapshot path doesn't exist, Ozone Manager checks access against the policy on the regular path instead.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org