ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alok Lal (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-693) HDFS folder permission exclusively managed my Ranger
Date Wed, 14 Oct 2015 05:53:05 GMT

    [ https://issues.apache.org/jira/browse/RANGER-693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14956320#comment-14956320
] 

Alok Lal commented on RANGER-693:
---------------------------------

> What if it is "Exclude/Exception", which means no policies. This will/should fallback
to HDFS.

Do you mean a "deny" policy with an exception?  Yes, items that are covered by exception clause
should fall back to HDFS native ACLs (assuming no other policy grants or denies it).

> HDFS folder permission exclusively managed my Ranger
> ----------------------------------------------------
>
>                 Key: RANGER-693
>                 URL: https://issues.apache.org/jira/browse/RANGER-693
>             Project: Ranger
>          Issue Type: Improvement
>    Affects Versions: 0.5.1
>            Reporter: Don Bosco Durai
>             Fix For: 0.6.0
>
>
> In HDFS plugin, if there are no policies for the file/folder, then Ranger falls backs
to HDFS file/folder permission.
> While this is very convenient, but in some cases it is desirable that only Ranger manages
the policies. Good examples are folders like /apps/hive/warehouse or some user folders where
it is better that Ranger manages the entire permission.
> One suggestion is to mark folders which will be managed by Ranger. For these folders,
ignore all permissions and ownership set at the HDFS file/folder level.
> This will be a very useful feature for Ranger.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message