You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Ethan Rose (Jira)" <ji...@apache.org> on 2021/10/20 20:42:00 UTC
[jira] [Updated] (HDDS-4655) New Native Ozone Authorizer ACL model
[ https://issues.apache.org/jira/browse/HDDS-4655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ethan Rose updated HDDS-4655:
-----------------------------
Target Version/s: 1.3.0 (was: 1.2.0)
I am managing the 1.2.0 release and we currently have more than 600 issues targeted for 1.2.0. I am moving the target field to 1.3.0.
If you are actively working on this jira and believe this should be targeted for the 1.2.0 release, Please reach out to me via Apache email or Slack.
> New Native Ozone Authorizer ACL model
> -------------------------------------
>
> Key: HDDS-4655
> URL: https://issues.apache.org/jira/browse/HDDS-4655
> Project: Apache Ozone
> Issue Type: Improvement
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Priority: Major
>
> The current Native Ozone Authorize has several limitations for recursive operations
> 1. It does not support efficient recursive ACL set
> Hive uses a recursive ACL set to change the directory(table) ACLs. ONA v1 does not support this. As a result, this has been translated into recursive setAcl call individually, which is quite slow compared with HDFS.
> 2. It does not support efficient recursive ACL check
> This is required for rename/delete operations when the Trash feature is enabled on Ozone HCFS: ofs or o3fs.
> This ticket is opened to improve the native ozone authorizer for these recursive operations by deprecating per key ACL support. The new model will allow default ACLs on volume/bucket/prefix levels.
> Instead of populate ACCESS ACL upon set, the ACCESS ACL will always determined at runtime based on the DEFAULT ACLs of its parent.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org