You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Xuze Yang (Jira)" <ji...@apache.org> on 2022/09/29 11:15:00 UTC

[jira] [Comment Edited] (RANGER-3935) In hdfs authorizer 'processResult', is accessType and action misused?

    [ https://issues.apache.org/jira/browse/RANGER-3935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17610959#comment-17610959 ] 

Xuze Yang edited comment on RANGER-3935 at 9/29/22 11:14 AM:
-------------------------------------------------------------

[~wangning] Ranger cannot perceive the specific operation(like mkdir,delete etc.) done by the hdfs side. hdfs plugin is an implementation of INodeAttributeProvider#AccessControlEnforcer. The information can be obtained through this interface is: who? which path? Required permissions (read/write/execute).


was (Author: xuze yang):
[~wangning] Ranger cannot perceive the specific operation done by the hdfs side. hdfs plugin is an implementation of INodeAttributeProvider#AccessControlEnforcer. The information can be obtained through this interface is: who? which path? Required permissions (read/write/execute).

> In hdfs authorizer 'processResult', is accessType and action misused?
> ---------------------------------------------------------------------
>
>                 Key: RANGER-3935
>                 URL: https://issues.apache.org/jira/browse/RANGER-3935
>             Project: Ranger
>          Issue Type: Improvement
>          Components: audit
>            Reporter: wangningito
>            Priority: Major
>
> [https://github.com/apache/ranger/blob/master/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java#L1037-L1046]
> I see action is filled into accessType while accessType field is filled with action.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)