You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Sailaja Polavarapu (Jira)" <ji...@apache.org> on 2022/03/10 02:08:00 UTC
[jira] [Updated] (RANGER-3657) Support for recursive ACL check for subpaths in Ozone plugin
[ https://issues.apache.org/jira/browse/RANGER-3657?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sailaja Polavarapu updated RANGER-3657:
---------------------------------------
Attachment: 0001-RANGER-3657-Recursive-delete-support-with-end-to-end.patch
> Support for recursive ACL check for subpaths in Ozone plugin
> ------------------------------------------------------------
>
> Key: RANGER-3657
> URL: https://issues.apache.org/jira/browse/RANGER-3657
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Priority: Major
> Attachments: 0001-RANGER-3657-Recursive-delete-support-with-end-to-end.patch
>
>
> This task is to implement {{recursive}} ACL check in {{{}RangerOzoneAuthorizer{}}}, using the below interface. OzoneRanger can build an optimized recursive ACL check similar to HDFS - [Reference|https://github.com/apache/ranger/blob/master/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java#L444]
>
> {code:java}
> IAccessAuthorizer#checkAccess(IOzoneObj ozoneObject, RequestContext context)
> public class RequestContext {
> …...
> /**
> * Represents recursive access check required for all the sub-paths of the
> * given path. If the given path is not a directory, there is no effect for
> * this flag. A true value represents recursive check, false represents
> * non-recursive check.
> */
> private final boolean recursiveAccessCheck; // introducing new attribute for recursive access checks.
> }{code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)