Good suggestion. HDFS fallback permission does create confusion for users,
it is better to restrict it to certain folders
There is a still an issue of figuring our existing permissions for a given
folder/file. We should include a separate JIRA to modify our reporting tool
to give accurate picture on existing permissions for HDFS files/folders. In
this case, Ranger should interpret both HDFS and Ranger permissions for
folder where fallback is allowed.
On Mon, Oct 12, 2015 at 3:14 PM, Don Bosco Durai (JIRA) <jira@apache.org>
wrote:
> Don Bosco Durai created RANGER-693:
> --------------------------------------
>
> Summary: HDFS folder permission exclusively managed my Ranger
> Key: RANGER-693
> URL: https://issues.apache.org/jira/browse/RANGER-693
> Project: Ranger
> Issue Type: Improvement
> Affects Versions: 0.5.1
> Reporter: Don Bosco Durai
> Fix For: 0.6.0
>
>
> In HDFS plugin, if there are no policies for the file/folder, then Ranger
> falls backs to HDFS file/folder permission.
>
> While this is very convenient, but in some cases it is desirable that only
> Ranger manages the policies. Good examples are folders like
> /apps/hive/warehouse or some user folders where it is better that Ranger
> manages the entire permission.
>
> One suggestion is to mark folders which will be managed by Ranger. For
> these folders, ignore all permissions and ownership set at the HDFS
> file/folder level.
>
> This will be a very useful feature for Ranger.
>
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)
>
|