falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pallavi Rao <pallavi....@inmobi.com>
Subject Re: [Discuss] : Should a non-superuser be allowed to update ACL of feed or process entity
Date Tue, 15 Sep 2015 04:28:51 GMT
Agree that "user2" shouldn't be allowed to just update the entity and
change the ownership. All the more reason to have a separate Auth API,
rather than embed the ACL in the entity itself. Such issues can be handled
in a much cleaner way.


On Tue, Sep 15, 2015 at 3:12 AM, Balu Vellanki <bvellanki@hortonworks.com>

> Hi Team,
> Today, Feed/Process entities have ACL with owner and group. Support for
> permissions is not implemented yet. Any user who is the owner OR who
> belongs to the group can update/delete/suspend the entity.
> If two users "user1" and "user2" belong to same group "users" and the
> falcon entity ACL is <ACL owner="user1" group="users" permission="*"/>,
> then user2 can update the falcon entity and claim ownership of this entity.
> I believe that user2 should not be allowed to do so unless it is
> superuser.  Similar behavior is not allowed in HDFS.  Please comment if you
> disagree.
> https://issues.apache.org/jira/browse/FALCON-1340
> Thanks
> Balu Velalnki

The information contained in this communication is intended solely for the 
use of the individual or entity to whom it is addressed and others 
authorized to receive it. It may contain confidential or legally privileged 
information. If you are not the intended recipient you are hereby notified 
that any disclosure, copying, distribution or taking any action in reliance 
on the contents of this information is strictly prohibited and may be 
unlawful. If you have received this communication in error, please notify 
us immediately by responding to this email and then delete it from your 
system. The firm is neither liable for the proper and complete transmission 
of the information contained in this communication nor for any delay in its 

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message