You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Xuze Yang (Jira)" <ji...@apache.org> on 2022/09/29 04:44:00 UTC

[jira] [Commented] (RANGER-3935) In hdfs authorizer 'processResult', is accessType and action misused?

    [ https://issues.apache.org/jira/browse/RANGER-3935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17610791#comment-17610791 ] 

Xuze Yang commented on RANGER-3935:
-----------------------------------

Yes, I think the code is confusing the two.
The action corresponds to FsAction, which is the real operation type of hdfs.
{code:java}
public enum FsAction {
    NONE("---"),
    EXECUTE("--x"),
    WRITE("-w-"),
    WRITE_EXECUTE("-wx"),
    READ("r--"),
    READ_EXECUTE("r-x"),
    READ_WRITE("rw-"),
    ALL("rwx");
    ...
}{code}
The accessType corresponds to the abstract operation type in the ranger policy, which is defined in RangerHadoopConstants
{code:java}
public static final String READ_ACCCESS_TYPE = "read";
public static final String WRITE_ACCCESS_TYPE = "write";
public static final String EXECUTE_ACCCESS_TYPE = "execute";{code}
By the way, there is a typo in code, 'ACCCESS' should be 'ACCESS'

> In hdfs authorizer 'processResult', is accessType and action misused?
> ---------------------------------------------------------------------
>
>                 Key: RANGER-3935
>                 URL: https://issues.apache.org/jira/browse/RANGER-3935
>             Project: Ranger
>          Issue Type: Improvement
>          Components: audit
>            Reporter: wangningito
>            Priority: Major
>
> [https://github.com/apache/ranger/blob/master/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java#L1037-L1046]
> I see action is filled into accessType while accessType field is filled with action.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)