You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Xuze Yang (Jira)" <ji...@apache.org> on 2022/09/29 04:44:00 UTC
[jira] [Commented] (RANGER-3935) In hdfs authorizer 'processResult', is accessType and action misused?
[ https://issues.apache.org/jira/browse/RANGER-3935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17610791#comment-17610791 ]
Xuze Yang commented on RANGER-3935:
-----------------------------------
Yes, I think the code is confusing the two.
The action corresponds to FsAction, which is the real operation type of hdfs.
{code:java}
public enum FsAction {
NONE("---"),
EXECUTE("--x"),
WRITE("-w-"),
WRITE_EXECUTE("-wx"),
READ("r--"),
READ_EXECUTE("r-x"),
READ_WRITE("rw-"),
ALL("rwx");
...
}{code}
The accessType corresponds to the abstract operation type in the ranger policy, which is defined in RangerHadoopConstants
{code:java}
public static final String READ_ACCCESS_TYPE = "read";
public static final String WRITE_ACCCESS_TYPE = "write";
public static final String EXECUTE_ACCCESS_TYPE = "execute";{code}
By the way, there is a typo in code, 'ACCCESS' should be 'ACCESS'
> In hdfs authorizer 'processResult', is accessType and action misused?
> ---------------------------------------------------------------------
>
> Key: RANGER-3935
> URL: https://issues.apache.org/jira/browse/RANGER-3935
> Project: Ranger
> Issue Type: Improvement
> Components: audit
> Reporter: wangningito
> Priority: Major
>
> [https://github.com/apache/ranger/blob/master/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java#L1037-L1046]
> I see action is filled into accessType while accessType field is filled with action.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)