ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Don Bosco Durai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-693) HDFS folder permission exclusively managed my Ranger
Date Wed, 14 Oct 2015 04:20:05 GMT

    [ https://issues.apache.org/jira/browse/RANGER-693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14956225#comment-14956225
] 

Don Bosco Durai commented on RANGER-693:
----------------------------------------

>Specifically if a policy exist which matches the resource being requested but if it neither
allows access nor explicitly denies access then the fallback to HDFS' native ACL would happen.
What if it is "Exclude/Exception", which means no policies. This will/should fallback to HDFS.


> HDFS folder permission exclusively managed my Ranger
> ----------------------------------------------------
>
>                 Key: RANGER-693
>                 URL: https://issues.apache.org/jira/browse/RANGER-693
>             Project: Ranger
>          Issue Type: Improvement
>    Affects Versions: 0.5.1
>            Reporter: Don Bosco Durai
>             Fix For: 0.6.0
>
>
> In HDFS plugin, if there are no policies for the file/folder, then Ranger falls backs
to HDFS file/folder permission.
> While this is very convenient, but in some cases it is desirable that only Ranger manages
the policies. Good examples are folders like /apps/hive/warehouse or some user folders where
it is better that Ranger manages the entire permission.
> One suggestion is to mark folders which will be managed by Ranger. For these folders,
ignore all permissions and ownership set at the HDFS file/folder level.
> This will be a very useful feature for Ranger.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message