You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Xuze Yang (Jira)" <ji...@apache.org> on 2022/09/29 11:15:00 UTC
[jira] [Comment Edited] (RANGER-3935) In hdfs authorizer 'processResult', is accessType and action misused?
[ https://issues.apache.org/jira/browse/RANGER-3935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17610959#comment-17610959 ]
Xuze Yang edited comment on RANGER-3935 at 9/29/22 11:14 AM:
-------------------------------------------------------------
[~wangning] Ranger cannot perceive the specific operation(like mkdir,delete etc.) done by the hdfs side. hdfs plugin is an implementation of INodeAttributeProvider#AccessControlEnforcer. The information can be obtained through this interface is: who? which path? Required permissions (read/write/execute).
was (Author: xuze yang):
[~wangning] Ranger cannot perceive the specific operation done by the hdfs side. hdfs plugin is an implementation of INodeAttributeProvider#AccessControlEnforcer. The information can be obtained through this interface is: who? which path? Required permissions (read/write/execute).
> In hdfs authorizer 'processResult', is accessType and action misused?
> ---------------------------------------------------------------------
>
> Key: RANGER-3935
> URL: https://issues.apache.org/jira/browse/RANGER-3935
> Project: Ranger
> Issue Type: Improvement
> Components: audit
> Reporter: wangningito
> Priority: Major
>
> [https://github.com/apache/ranger/blob/master/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java#L1037-L1046]
> I see action is filled into accessType while accessType field is filled with action.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)