You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Don Bosco Durai (JIRA)" <ji...@apache.org> on 2015/08/13 23:00:45 UTC
[jira] [Commented] (RANGER-612) Update HDFS plugin to fallback to
hadoop-acl only when there is no Ranger policy to determine the
authorization
[ https://issues.apache.org/jira/browse/RANGER-612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14695935#comment-14695935 ]
Don Bosco Durai commented on RANGER-612:
----------------------------------------
[~madhan@apache.org], what if there are no deny policies or policy items, in this case do we go to HDFS level? What if there are split permissions. Ranger has part and there are few in HDFS?
> Update HDFS plugin to fallback to hadoop-acl only when there is no Ranger policy to determine the authorization
> ---------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-612
> URL: https://issues.apache.org/jira/browse/RANGER-612
> Project: Ranger
> Issue Type: Sub-task
> Components: plugins
> Affects Versions: 0.5.0
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Fix For: 0.5.0
>
>
> Currently (ranger-0.5), Ranger HDFS plugin does a fallback to hadoop-acl when Ranger policies do not allow the requested access. This should be updated to fallback only when Ranger policies do not determine the authorization i.e. there is no Ranger policy to either ALLOW or DENY the access. This fix is required to support scenarios where Ranger policies can DENY the access.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)