Posted to issues@ozone.apache.org by "Attila Doroszlai (Jira)" <ji...@apache.org> on 2023/02/17 16:34:00 UTC
[jira] [Updated] (HDDS-7461) NativeACL: Require CREATE right on volume instead of WRITE for CREATE_BUCKET operation
[ https://issues.apache.org/jira/browse/HDDS-7461?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Attila Doroszlai updated HDDS-7461:
-----------------------------------
Summary: NativeACL: Require CREATE right on volume instead of WRITE for CREATE_BUCKET operation (was: NativeACL: Refine parent context right when CRATE_BUCKET)
> NativeACL: Require CREATE right on volume instead of WRITE for CREATE_BUCKET operation
> --------------------------------------------------------------------------------------
>
> Key: HDDS-7461
> URL: https://issues.apache.org/jira/browse/HDDS-7461
> Project: Apache Ozone
> Issue Type: Improvement
> Reporter: Hongbing Wang
> Assignee: Hongbing Wang
> Priority: Major
> Labels: pull-request-available
>
> The current Native ACL has the problem of permission enlargement.
> When we grant `user1` WRITE permission to `/vol1/buk1`, the permissions we must grant to `user1` are:
> * WRITE permission for `vol1`
> * WRITE permission for `buk1`
> This allows `user1` to create other buckets on `vol1` at will, which is not what we expected.
> It's better to check user1's CREATE permission on vol1 when `user1` wants to create buckets.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
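
The permission enlargement described in the issue, as an added example that is not Apache Ozone code and not part of the original message: a simplified in-memory model that lists who may create buckets on a volume when CREATE_BUCKET checks WRITE on the volume versus CREATE. The AclStore class, the helper names and the user admin1 are assumptions made for illustration.

```python
from enum import Enum

class Right(Enum):
    WRITE = "WRITE"
    CREATE = "CREATE"

# Right demanded on the parent volume for CREATE_BUCKET.
RULE_BEFORE = Right.WRITE    # behaviour the issue reports
RULE_AFTER = Right.CREATE    # behaviour the issue proposes

class AclStore:
    """Constructed in-memory ACL table: (object path, user) -> rights."""
    def __init__(self):
        self._grants = {}

    def grant(self, path, user, right):
        self._grants.setdefault((path, user), set()).add(right)

    def has(self, path, user, right):
        return right in self._grants.get((path, user), set())

    def users(self):
        return sorted({user for (_, user) in self._grants})

def can_write_bucket(acls, user, volume, bucket):
    # Per the issue text: WRITE is needed on both the volume and the bucket.
    return (acls.has(volume, user, Right.WRITE)
            and acls.has(f"{volume}/{bucket}", user, Right.WRITE))

def can_create_bucket(acls, user, volume, rule):
    return acls.has(volume, user, rule)

def bucket_creators(acls, volume, rule):
    """Users allowed to create buckets on `volume` under the given rule."""
    return [u for u in acls.users() if can_create_bucket(acls, u, volume, rule)]

def sample_acls():
    acls = AclStore()
    # user1 is only meant to write into /vol1/buk1.
    acls.grant("/vol1", "user1", Right.WRITE)
    acls.grant("/vol1/buk1", "user1", Right.WRITE)
    # admin1 (constructed) is meant to create buckets on /vol1.
    acls.grant("/vol1", "admin1", Right.CREATE)
    return acls

if __name__ == "__main__":
    acls = sample_acls()
    print("before:", bucket_creators(acls, "/vol1", RULE_BEFORE))
    print("after: ", bucket_creators(acls, "/vol1", RULE_AFTER))
```

Running the same listing over a real ACL export before tightening the rule shows which principals currently rely on volume WRITE for bucket creation and would need an explicit CREATE grant.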